Switch to dotenv instead of secure.py

We should switch the application to load secure settings from environment variables rather than a python config file to ease migration away from our legacy tlt-ops infrastructure. A first step would be to switch to using [python-dotenv](https://pypi.org/project/python-dotenv/) to load from a `.env` file.