Support POSTGRES_HOST_AUTH_METHOD=peer

[nathanweeks]

Currently, only the "trust" auth-method is supported out-of-the-box for local connections. It could be useful to also support peer authentication to facilitate more convenient & secure deployments of applications where a postgres client that can benefit from the performance of a unix domain socket connection is colocated on the same host as the postgres server (e.g., via docker compose, or within a Kubernetes Pod).

This PR proposes adding support for setting the evironment variable POSTGRES_HOST_AUTH_METHOD=peer. Like POSTGRES_HOST_AUTH_METHOD=trust, this would obviate the need to set POSTGRES_PASSWORD.

When POSTGRES_HOST_AUTH_METHOD=peer, this PR also suggests also starting postgres with -c listen_addresses='' to disable listening on a TCP port for additional security (and to potentially help make client misconfiguration issues more obvious), although the initdb --auth=peer writes a pg_hba.conf that allows "ident" authentication for TCP connections (which I'm admittedly unfamiliar with, and don't know how commonly it would be used in practice).

Concerns/feedback/suggestions appreciated!

[tianon]

Similar to #713 (comment), I'd suggest POSTGRES_INITDB_ARGS=--auth=peer, which should do the trick.

[nathanweeks]

@tianon : thanks for the tip! Setting POSTGRES_INITDB_ARGS=--auth=peer, POSTGRES_PASSWORD=some-phony-password, and adding -c listen_addresses='' to the CMD looks like it achieves the desired result. It might be useful to explicitly document this trick.