Move synapse-auto-compressor Postgres argument to an environment variable

This provides an additional security benefit. The password won't leak in
the process list anymore.

roles/custom/matrix-synapse-auto-compressor/tasks/install.yml

@@ -1,12 +1,26 @@
 ---
+
 - name: Ensure synapse-auto-compressor paths exist
   ansible.builtin.file:
-    path: "{{ matrix_synapse_auto_compressor_container_src_files_path }}"
+    path: "{{ item.path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_synapse_auto_compressor_container_image_self_build | bool
+  when: item.when | bool
+  with_items:
+    - path: "{{ matrix_synapse_auto_compressor_base_path }}"
+      when: true
+    - path: "{{ matrix_synapse_auto_compressor_container_src_files_path }}"
+      when: "{{ matrix_synapse_auto_compressor_container_image_self_build }}"
+
+- name: Ensure synapse-auto-compressor labels installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/env.j2"
+    dest: "{{ matrix_synapse_auto_compressor_base_path }}/env"
+    mode: 0640
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
 
 - name: Ensure synapse-auto-compressor image is pulled
   community.docker.docker_image: