Don't allow/warn about 'default' secrets

[kthhrv]

• use of a 'default' secret is probably in error, prod and staging databases for example should have different passwords
• envars add and envars validate should at least warn about default secrets

[kthhrv]

addressed in v2