First of all make sure that development, staging and production environments are 100% independent. Therefore MySQL accounts should be separate too. It helps to make version upgrades smoothly and it's more secure. In Percona I did a dozen of recovery cases where a developer dropped a production database just because the production and development databases shared his account.
Having said that a developer should have a read-write account on the development database, read-only account on the staging database and read-only on the production.
Create the accounts for each developer, so they are responsible for storing them in secure place. Thus, you don't need to bother how to store/share accounts in safe manner.
Obviously passwords shouldn't be stored in a repository. Keep config templates in the source code tree:
# cat config.php
<?php
$mysql_user="@@MYSQL_USER@";
$mysql_password="@@MYSQL_PASSWORD@";
$mysql_host="@@MYSQL_HOST@";
$mysql_db="@@MYSQL_DB@";
?>
To make sure it's not overwritten during an upgrade tell that in .spec file
%files www
%config(noreplace) %attr(640, root, apache) %{_sysconfdir}/%{project_name}/config.php