Allow for more portable config.php location

[jimallman]

Our PHP pages currently assume this is in the parent directory (above all FCDB pages) and that this means it's safe outside the web root. But this will not always match the setup on a given server. We should make the location of config.php configurable or take additional steps to secure it.

[jimallman]

I'm marking this as an enhancement, since we can use an .htaccess file to protect this. Beyond that, our root-relative URLs for images, style, etc. already force the web root to the directory holding all FCDB pages, so this file should fall outside of publicly-accessible space.