fix(scripts): require DB_PASSWORD env var in setup-database.sh

PR #3 scrubbed ***REDACTED-LEGACY-PW*** from every env file, compose unit, and
deployment doc but missed scripts/setup-database.sh, which still hard-
coded DB_PASSWORD="***REDACTED-LEGACY-PW***" on line 17. That slipped past
gitleaks because the shell-escaped form (backslash-dollar) does not
match the L@kers?\$?2010 regex committed in .gitleaks.toml -- the
regex was written to catch the *expanded* form, not the source form.

This commit removes the hardcoded default and requires DB_PASSWORD to
be exported by the operator before running the script. Same pattern as
the rest of the PR #3 conversion (fail-fast at boot when a required
secret is unset) so there is no longer any legitimate reason for the
password string to live in the repo.

Verification:
  git grep -nE 'L@kers?\\?\$?2010' -- scripts/    # no matches
  bash -n scripts/setup-database.sh                   # clean

scripts/setup-database.sh

@@ -13,9 +13,15 @@ if [ "$EUID" -ne 0 ]; then
     exit 1
 fi
 
-DB_USER="explorer"
-DB_PASSWORD="***REDACTED-LEGACY-PW***"
-DB_NAME="explorer"
+DB_USER="${DB_USER:-explorer}"
+DB_NAME="${DB_NAME:-explorer}"
+if [ -z "${DB_PASSWORD:-}" ]; then
+    echo "ERROR: DB_PASSWORD environment variable must be set before running this script." >&2
+    echo "Generate a strong value (e.g. openssl rand -base64 32) and export it:" >&2
+    echo "  export DB_PASSWORD='<strong random password>'" >&2
+    echo "  sudo -E bash scripts/setup-database.sh" >&2
+    exit 1
+fi
 
 echo "Creating database user: $DB_USER"
 echo "Creating database: $DB_NAME"