Create bootstrap user and project only via SQLAlchemy models

Currently we construct the bootstrap user and project via direct MySQL
in docker_run.sh
(https://github.com/openstack/craton/blob/master/tools/docker_run.sh#L41). Besides
not supporting other databases, this construction has a variety of problems:

1. docker_run.sh is not for production usage; but it is the only
   source of "documentation" for how these bootstrap objects are
   created. This means that deployers need to constantly synchronize
   with any changes.

2. One particular aspect of docker_run.sh that's not for production:
   the api_key for the default user (`bootstrap`) is currently
   hard-coded for dev/test purposes only, namely `bootstrap`. This
   convention is there to ensure it's seen as a CHANGEME, but it looks
   bad. Nowhere else in our codebase do we hardcode such values. We
   need to be able to generate cryptographically strong credentials
   instead (as seen with
   https://docs.python.org/3/library/secrets.html).

3. Construction of objects using our SQLAlchemy models are guaranteed
   to respect those models. Otherwise we run into this recurring
   problem, reported repeatedly by both us and our users:
   https://bugs.launchpad.net/craton/+bug/1668251 (It's recurring
   because it's so much a bug seen at a distance - as can be expected
   with a failing mismatch of model to underlying schema.)

The solution is straightforward (see for example the changes in
https://review.openstack.org/#/c/441644/2/craton/tests/functional/__init__.py);
they simply need to be exposed by an appropriate command and
corresponding workflow.

One possibility:

$ craton-dbsync bootstrap [--username $USERNAME] [--projectname $PROJECTNAME]

The --username and --projectname options default to "bootstrap" respectively. The output of this command will be the following lines of output, suitable for being eval'ed:

OS_PROJECT_ID=...
OS_USERNAME=...
OS_PASSWORD=...

Other output formats may be chosen, namely JSON, but the above format should facilitate usage in scripting to construct the desired initial users/projects via the REST API, including any RBAC, variables, etc.

If the desired bootstrap username/project name already exists, then the existing credentials for it are returned. Note that Craton is not a secure secrets store! Access to dbsync implies that full database access is available.