guide user through secrets.yml usage for backend deployment

[davidcheung]

currently the deployment of backend services expects user to have secret named <project-name> in <project-name> namespace, and will fail to create container unless manually create. which isn't very explicit for the user

• create best practice flow for user to create application specific db-user / password and use connection string as env-var to inject such into their application

[davidcheung]

see commitdev/zero-backend-go#24 for impl details
we ended up just creating it for the users

The backend service expects a sercet with DB_PASSWORD and DB_USERNAME
Currently we provision an RDS with a master password, and its a horrible idea for application to use master password to connect to db, this PR creates an extra step during apply to create a application specific user in the db and a k8s-secret

the manifest creates 4 things
Namespace: db-ops
Secret in db-ops: db-create-users (with master password, and a .sql file
Job in db-ops: db-create-users (runs the .sql file against the RDS given master_password from env)
Secret in Application namespace with DB_USERNAME / DB_PASSWORD
then it deletes the db-ops namespace leaving only the Secret in Application namespace behind