Add support for Docker secrets

Docker secrets work with files exposed at `/run/secrets/<secret>` inside the container. It's common practice to allow all environment variables to also be specified with a `_FILE` suffix, in order to read a secret.