* Upgrade provider plugins to latest release
* Improve README instructions
* Convert locals in main.tf to vars
* Add output for db proxy public IP to make connecting easier
* Add plan and crash.log to .gitignore
* Move backend config to backend.tf
* Move provider config to providers.tf
* Move required_versions to versions.tf
By setting `sensitive = true` on a variable or output, Terraform will
redact it from the plan/apply output. This prevents secrets from being
logged. This is a new feature in Terraform v0.14.
* Upgrade db from Postgres 11 -> 13
* Upgrade tfe and google provider plugins
* Remove google-beta provider since it's no longer needed
* Add .terraform-version file to support tfenv
* Add .vscode/ settings to play nice with VSCode
* Clean up .gitignore
The Cloud SQL Proxy container needs to mount the cloud-sql-proxy service
account key as a file so it can connect to the db. I was incorrectly
setting the permissions on this file to 400. Inside the container, the
proxy binary is being run by the `nonroot` user. This user has a
different uid compared to the user running `docker` outside the
container, so it can't read the file. The solution is to change the
permissions on the key to 444, so it's readable by `nonroot`.
