Implements blueprint automatic-secure-key-generation
Reduce the likeliness that the (commented-out) default key is abused
and document possible options instead.
Also use a non-empty SECRET_KEY for development / testing environments.
A later patch would make it a hard error if no SECRET_KEY is defined
(i.e. Django defaults to an empty string which is anything but secure).
Unfortunately, I can't do it now as the devstack integration test would
fail (they don't set a SECRET_KEY either) currently. So, when this
blueprint is accepted, I would submit a fix to devstack and afterwards
add the error message to warn the user about insecure defaults.
Addressed PEP-8 issues