refactor: use .env for Authelia password hash

- Rename users_database.yml to users_database.template.yml
- Use envsubst to substitute AUTHELIA_USER_PASSWORD_HASH from .env
- Update configuration.yml to use /config/users_database.yml
- Add AUTHELIA_USER_PASSWORD_HASH environment variable to compose
- Password hash now stored securely in .env instead of git

net/compose.yaml

@@ -275,9 +275,13 @@ services:
       AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
       AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
       AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_USER_PASSWORD_HASH: ${AUTHELIA_USER_PASSWORD_HASH}
     volumes:
       - authelia_config:/config
       - ./authelia:/etc/authelia:ro
+    command: >
+      sh -c "envsubst < /etc/authelia/users_database.template.yml > /config/users_database.yml &&
+             authelia --config /etc/authelia/configuration.yml"
     networks:
       - compose_network
     labels: