Add Escaping for Identifiers and Literals in Migrations

[grahamhoyes]

Fixes #537

Adds escaping for identifiers (table names, users, etc) using pq.QuoteIdentifier, and for literals using pq.QuoteLiteral. This allows usernames with characters like - and @, passwords with ', and resolves a SQL injection vulnerability.

Updates github.com/lib/pq to the latest version. It needed to be upgraded to at least v1.2.0, which added the QuoteLiteral function.

Verification done thus far:

• Ran homer image targeting a database with a regular username/password
• Ran homer targeting a GCP Cloud SQL database with IAM authentication (which has - and @ in the username)
• Ran the initialization commands in the readme
• Loaded the image onto a dev environment with a real setup and poked around in it

[CLAassistant]

All committers have signed the CLA.

[grahamhoyes]

Got this running in a few environments, everything seems to be working as expected. @lmangani if there's any other testing you'd like to see let me know, otherwise this should be good for you to review.

[lmangani]

Thanks @grahamhoyes the change is under review and we'll have an update soon! We appreciate your contribution!

[lmangani]

@adubovikov please review whenever possible 👍

[grahamhoyes]

Apologies if there's a proper process I'm missing, but would it be possible to make a release that contains this @adubovikov? 1.4.59 was made just before this was merged.

Thanks!