Use dotenv for secrets (closes #13)
This implements the use of dotenv for secrets.
Henceforth any secrets are put in the file .env.${NODE_ENV} in the root of your pubsweet app.
For example, if you're running in dev mode, your /APP_DIR/.env.dev file contains env vars specified like this:
SOME_SECRET=foo
ANOTHER_SECRET=124816This requires https://gitlab.coko.foundation/pubsweet/pubsweet-backend/merge_requests/6.