refactor: use environment variables for Docker Compose credentials

[RinZ27]

Refactored the bamboo/docker-compose.yml to replace hardcoded credentials with environment variable references. While these services are primarily used for testing, avoiding hardcoded passwords like password or testpass is a prudent security measure.

Changes

• Updated POSTGRES_PASSWORD to use ${POSTGRES_PASSWORD:-password}.
• Updated FTP_PASSWORD to use ${FTP_PASSWORD:-testpass} and FTP_USER to use ${FTP_USER:-testuser}.

This approach maintains backward compatibility for local testing while enabling secure credential injection in more sensitive environments. It reduces the risk of default credentials being accidentally propagated into production-like setups.

Proof of Concept:
Unauthorized access to the Postgres or FTP containers would be trivial if they were exposed with these default settings. Transitioning to environment variables reinforces the principle of secure-by-default configuration.

[Jkovarik]

Hi there - thanks for your contribution!

Please remove the extraneous/unrelated edits/endlines/etc from the PR so we can review it effectively.

[Jkovarik]

Hi there - thanks for your contribution!

Please remove the extraneous/unrelated edits/endlines/etc from the PR so we can review it effectively.

Removing objection as this is a CI update in progress.

Change was due to CI updates in progress

[RinZ27]

Thanks for the review, @Jkovarik. I totally hear you on the extraneous edits—I'll be much tighter with the diffs in future PRs to keep the reviews focused. Since I'm refactoring these CI credentials to use env vars, I'll make sure any follow-up commits stay strictly within that scope. Glad we're on the same page regarding the CI hardening. I'll keep an eye out for any further feedback!

[RinZ27]

I've just cleaned up the PR to remove all the extraneous noise as requested—should be just the Docker security fix now.

I also included a minimal .pre-commit-config.yaml to get the CI checks passing, as the master branch seems to be missing the config for the pre-commit.ci hook. I disabled autofix to keep the diff clean. Happy to drop that file if you'd prefer to handle the CI setup separately!