Replace .env with docker secrets

[tisboyo]

.env is not the most secure way of storing secure data (api keys) and the current recommendation I'm finding is to use docker secrets.

We should eventually move over to that.

https://docs.docker.com/engine/swarm/secrets/#example-use-secrets-with-a-service

[tisboyo]

Also move some values out of config.json for the bot (webhook)