Security-related variables using hardcoded defaults

[fmigneault]

The fact that they're hardcoded at all is a problem though. Because even without the changes you've made here, we could still override MAGPIE_ADMIN_USERNAME and then the JUPYTERHUB_ADMIN_USERS would no longer match.

Why don't we make an issue for this and we'll fix it in a later PR

_Originally posted by @mishaschwartz in https://github.com/bird-house/birdhouse-deploy/pull/415#discussion_r1450796302_

https://github.com/bird-house/birdhouse-deploy/blob/10128e58d51ca3e4b9e4022972944bfdd1f87556/birdhouse/env.local.example#L27

The above variable should use the expected reference to MAGPIE_ADMIN_USERNAME. Other locations using similar configurations must be adjusted and validated.

[mishaschwartz]

Note for later:

• we should also raise a warning if the ALLOW_UNSECURE_HTTP variable is set to True (it should not be set to True in a production environment so we should warn the user)