Ensure that git pull can reliably retrieve all settings files

[fureigh]

User story

As a developer, I want git pull to reliably retrieve all settings files, even ones that Drupal's install script normally write-protects, so that git will work as expected. (In other words, so that I can feel confident that I have the latest versions of the settings files.)

Steps to test

• Pull down the latest version of master.
• Run git status and verify that you don't already have any modified settings files. (If you do, please stash them for now or commit changes separately.)
• Run docker-compose build and docker-compose up. This will ensure that the Drupal install script has run.
• Check out a remote git branch (TK) that includes a change to a *settings*.php file.
• Run git status, and confirm that the updated settings file isn't listed as modified.

Technical notes

• This especially concerns /web/sites/default/*.
• Git itself doesn't store permissions, so there's no risk of/in pushing write-unprotected files to the repository.
• Let's check whether to also include a hook re: cf push or the equivalent, though, to guard against accidentally deploying those files in a write-unprotected state. (The current setup only deploys from master, so this should only be relevant to test deployments during development.)

Follow-up on #223.