This commit generates a new secret key (used by Flask to sign cookies
and other stuff) the first time an instance is started within a data
directory. The key is not regenerated the next startups, to avoid
invalidating stuff.