[dev] make it easy to run in 'production' locally

[jameshadfield]

The more closely a local server can run compared to the production heroku server the easier it is to test and debug.

Currently it is difficult to run the server locally with NODE_ENV=production, which is one reason we run tests (including for CI) in development mode.

The main stumbling blocks seem to be:

• The environment variables needed (cf. development mode). These may be limited to SESSION_SECRET and SESSION_ENCRYPTION_KEYS (the latter of which must be a specific length).
• In production the heroku-ssl-redirect will redirect http://localhost to https://localhost. While you can get HTTPS localhost working, that's not actually how it works on Heroku (TLS certs are managed a level above our express app). Maybe a env variable NO_SSL_REDIRECT would be ok.

[tsibley]

This would be nice, for sure. It's totally possible. I not-infrequently run in true production mode with local Redis, local SSL, local secrets and encryption keys, etc. But yeah, it's a bit of setup (though not too onerous that I can't do it quickly).