Remove hardcoded secrets from public repo

- Remove default password fallback from POSTGRES_PASSWORD in docker-compose.yml
- Remove default password fallback from db.py and migrate.py
- Update .env.example with required POSTGRES_PASSWORD
- Update README to mark DATABASE_URL as required

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     image: postgres:16-alpine
     environment:
       POSTGRES_USER: artdag
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-artdag}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
       POSTGRES_DB: artdag
     volumes:
       - postgres_data:/var/lib/postgresql/data
@@ -45,7 +45,7 @@ services:
       - .env
     environment:
       - ARTDAG_DATA=/data/l2
-      - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD:-artdag}@postgres:5432/artdag
+      - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD}@postgres:5432/artdag
       - IPFS_API=/dns/ipfs/tcp/5001
       - ANCHOR_BACKUP_DIR=/data/anchors
       # ARTDAG_DOMAIN, ARTDAG_USER, JWT_SECRET from .env file