Supplying passwords to wp-cli on command line is insecure

Currently the database and admin passwords are supplied to `wp-cli` via CLI options `--dbpass` and `--admin_password` respectively, which is insecure. `wp-cli` supports reading options from a config file (see [docs](https://make.wordpress.org/cli/handbook/config/#config-files)), which could be created in advance.