Database password is exposed in systemd unit file and process list

Generated unit files trillian-server.service and trillian-signer.service contain the password for the database user that the log uses. A user on the system can read it in the unit file, in the output of systemctl cat and, if any of the processes are running, in the output of ps.