Unless explicitely set, the database name is nevertheless derived from
the user by the image's entrypoint, but we can make this more obvious by
defining a interpolation here.
Using environment variables for secret data like passwords is an
anti-pattern as they can easily leak. It's much safer to maintain the
data as a file. To prevent accidental commits of the password file, we
are adding a `.gitignore` file.
Using the `latest` tag is bad practice.
Also reference the full path of the container image including its
container registry as for example Podman Compose doesn't default to
Docker Hub.