This PR contains 2 separate changes ...

External MongoDB

This is a copy of a change already in the hashgraph repo, to allow the DB_HOST envvar to contain a full connection string to MongoDB so we can use an external host, use the mongodb+srv protocol, specify username and password, and other connection options.

Store Secrets in MongoDB

Allow the SECRET_MANAGER envvar to be set to MONGODB to have secrets stored in MongoDB.

The rationale for this is that connecting to either of the recommended secrets manager options (AWS or Vault) can be complex if you're deploying outside of AWS/Azure. The option of deploying Vault locally is complex for smaller organizations without dedicated ops support.

Secrets are stored in a secrets collection in the database.

By default the secrets would be plain text, but can be encrypted by setting an encryption key in the MONGO_ENCRYPTION_KEY envvar.

Some secrets are accessed by the startup logic in various services that executes prior to establishing a connection to the database. These are picked up from the runtime environment by the MONGODB secrets management rather than loading them into the secrets table using a seeding process, as is the approach taken by other secrets handlers.