Listen on 0.0.0.0:6876 through cli #31249

Open
wants to merge 1 commit into
base: main

antiguru
Member

At the moment, we're exposing the default DB port 6876 only to localhost,
but the internal one to all addresses. This makes it difficult to test the
console locally because it needs access to 6876, and running it on the
host's network can cause other port collisions.

For this reason, open up connections to 6876 to all hosts. This is not a
security regression as we're already opening the internal endpoint to all
addresses.

Checklist

  • This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
  • This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
  • If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
  • If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).
  • If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.

Signed-off-by: Moritz Hoffmann <[email protected]>
@antiguru antiguru requested review from benesch and teskje January 30, 2025 19:21
Contributor

@benesch benesch left a comment

Seems fine to me, but deferring to @def- who defaulted these to bind to 127.0.0.1 in the first place. Perhaps we should just wholesale roll that change back? If 6876 and 6878 are exposed, there's no security benefit to leaving 6875 and 6877 closed.

Contributor

@def- def- left a comment

I cared mostly about changing the defaults for the docker emulator so that people don't run our tutorials and accidentally expose Materialize to the world.

Comment on lines 277 to 279
# Setting the listen addresses below to 0.0.0.0 is required
# to allow Prometheus running in Docker (misc/prometheus)
# access these services to scrape metrics.
Contributor

Maybe adjust the comment too? Otherwise someone might in the future realize that Prometheus only needs 6878 and revert the change.
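
A check for the bind-address state discussed in this thread, as an added example that is not part of the pull request or the project's own code: it reads `ss -ltn` output and reports which of ports 6875-6878 listen only on loopback and which are bound to all interfaces. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

PORTS = {6875, 6876, 6877, 6878}  # port numbers named in this thread

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:6875      0.0.0.0:*
LISTEN 0      128          0.0.0.0:6876      0.0.0.0:*
LISTEN 0      128             [::]:6878         [::]:*
LISTEN 0      128            [::1]:6877         [::]:*
LISTEN 0      128    127.0.0.53%lo:53        0.0.0.0:*
"""

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific' for a bind host."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":  # ss prints * for a dual-stack wildcard socket
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"

def audit(ss_output, ports=PORTS):
    """Map each watched port to the sorted exposure classes it is bound with."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        found.setdefault(int(port), set()).add(classify(host))
    return {p: sorted(c) for p, c in sorted(found.items())}

def exposed(ss_output, ports=PORTS):
    """Watched ports with at least one listener that is not loopback-only."""
    return [p for p, c in audit(ss_output, ports).items() if c != ["loopback"]]

if __name__ == "__main__":
    for port, classes in audit(SAMPLE_SS).items():
        print(port, ", ".join(classes))
    print("not loopback-only:", exposed(SAMPLE_SS))
```

To audit a live host, pass the text of `ss -ltn` to `audit()` in place of `SAMPLE_SS`.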
