[SECURITY-49] mark secret.key generated by post SECURITY-49 Jenkins.

If JENKINS_HOME is created by a post SECURIT-49 Jenkins (LTS, and other
variants), then there's no need to alarm the user.
(cherry picked from commit 3dc13b9)

core/src/main/java/jenkins/model/Jenkins.java

@@ -199,6 +199,7 @@
 import jenkins.model.ProjectNamingStrategy.DefaultProjectNamingStrategy;
 import jenkins.security.ConfidentialKey;
 import jenkins.security.ConfidentialStore;
+import jenkins.util.io.FileBoolean;
 import net.sf.json.JSONObject;
 import org.acegisecurity.AccessDeniedException;
 import org.acegisecurity.AcegiSecurityException;
@@ -773,6 +774,10 @@ protected Jenkins(File root, ServletContext context, PluginManager pluginManager
                 sr.nextBytes(random);
                 secretKey = Util.toHexString(random);
                 secretFile.write(secretKey);
+
+                // this marker indicates that the secret.key is generated by the version of Jenkins post SECURITY-49.
+                // this indicates that there's no need to rewrite secrets on disk
+                new FileBoolean(new File(root,"secret.key.not-so-secret")).on();
             }
 
             try {

core/src/main/java/jenkins/security/RekeySecretAdminMonitor.java

@@ -64,7 +64,9 @@ public RekeySecretAdminMonitor() throws IOException {
         // this computation needs to be done and the value be captured,
         // since $JENKINS_HOME/config.xml can be saved later before the user has
         // actually rewritten XML files.
-        if (Jenkins.getInstance().isUpgradedFromBefore(new VersionNumber("1.496.*")))
+        Jenkins j = Jenkins.getInstance();
+        if (j.isUpgradedFromBefore(new VersionNumber("1.496.*"))
+        &&  new FileBoolean(new File(j.getRootDir(),"secret.key.not-so-secret")).isOff())
             needed.on();
     }