Separate credentials for Engine and UI database connections

Feature Request: Don't use same creds for UI and Engine pods to promote security through isolation

It is possible to run the Anchore Enterprise UI pod with a different database user account. For the purposes of easier audit and incident evaluation it would seem wise to use a separate username for these functions. I was able to accomplish this by using externalSecrets in values.yaml and using different credentials in the UI secret from the engine secret.

Further investigation would also likely allow us to isolate the level of permissions needed for these different accounts and reduce the scope earned by an attacker gaining access via the UI pod. Perhaps we could get Anchore to document the actual requirements of the various accounts? I've been successful at pre-setting up the database credentials minimally so I don't have to hand off DB root-ish credentials to the helm chart to get running so I know that's possible for example. This helps to be sure that db level access is properly isolated from the beginning and not dependent on the application properly dropping permissions, but leaving them hanging around where a breacher could potentially take advantage of them.