I personally don't see any issue with having the connection string within App_Data
It shouldn't be a heavy lift to encrypt the connection string using a machine key or something similar.
An .NET specific deployment platform such as Octopus Deploy can handle transforms of all types with very little difficulty. Its lowest usage tier is free and should easily meet your needs.
For deployments to different environments, once Settings.txt is setup, there should be little to no reason to update that file going forward.