Do not hardcode sslmode=disable to Postgres connection strings - make it configurable

This is backward-compatible with what we had before. We're not changing
the SSL mode - just making it configurable.

Most components are defaulting to `sslmode=disable`, while some
(`matrix-bot-matrix-reminder-bot` and others) do not specify an `sslmode` at all.

We're making sslmode configurable, because certain external Postgres
servers may be configured to require SSL encryption.
In such cases `sslmode=disable` does not work and needs to be changed to
`sslmode=require` or something else (`verify-ca`, `verify-full`, etc).

roles/custom/matrix-bridge-appservice-irc/defaults/main.yml

@@ -33,10 +33,11 @@ matrix_appservice_irc_database_password: 'some-password'
 matrix_appservice_irc_database_hostname: ''
 matrix_appservice_irc_database_port: 5432
 matrix_appservice_irc_database_name: matrix_appservice_irc
+matrix_appservice_irc_database_sslmode: disable
 
 # This is just the Postgres connection string, if Postgres is used.
 # Naming clashes with `matrix_appservice_irc_database_connectionString` somewhat.
-matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode=disable'
+matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode={{ matrix_appservice_irc_database_sslmode }}'
 
 # This is what actually goes into `database.connectionString` for the bridge.
 matrix_appservice_irc_database_connectionString: |-  # noqa var-naming