Secrets are hard coded in plain text

[OliverWoolland]

Several of the keycloak secrets are just there in env files - we should use docker secrets instead

[ianhinder]

Check whether this has been fixed in the refactoring, and if not, suggest that it is. In any case, if we deploy it at Manchester, we cannot have this.

[elichad]

• check if this was addressed by Notts refactoring work
• raise upstream if it wasn't
• change it for ourselves if needed but don't try to align with upstream