Do not generate the secret key every time Flask starts
Currently we generate a random SECRET_KEY every time Flask starts. This has some negative side effects, e.g. it breaks session cookies. If we want to use CSRF protection for sending forms (we really should do this!), it will result in random CSRF token failures (in this case Flask usually responds with 400 Bad Request).
Details are described here - https://stackoverflow.com/questions/27287391/why-not-generate-the-secret-key-every-time-flask-starts
It is better practice to have a dummy, constant SECRET_KEY in the code, which makes CSRF work OK in DEV and in tests. We can add a comment in the code/docs that whenever one wants to deploy keama web, SECRET_KEY should be generated by e.g. a UUID generator.
Edited by Piotrek Zadroga
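
The failure described in this issue and one way to resolve the key, as an added example that is not code from the keama project: a token signed before a restart stops verifying once the key is regenerated, while a constant DEV key or an externally supplied key keeps it valid. Assumptions: the `SECRET_KEY` environment variable, the `production` flag, the placeholder value and all function names are hypothetical; plain HMAC-SHA256 stands in for Flask's signed cookies and CSRF tokens; the deployment key is drawn from Python's `secrets` module rather than the UUID generator mentioned above.

```python
import hashlib
import hmac
import secrets

# Constant placeholder for DEV and tests only (constructed value, not from the project).
DEV_SECRET_KEY = "dev-only-not-secret"


def resolve_secret_key(environ, production):
    """Return the value to store in app.config["SECRET_KEY"].

    The key is read from the SECRET_KEY environment variable (hypothetical
    deployment convention). DEV and tests fall back to the constant dummy;
    production refuses to start without a real key.
    """
    key = environ.get("SECRET_KEY")
    if key:
        if production and key == DEV_SECRET_KEY:
            raise RuntimeError("SECRET_KEY is the DEV placeholder")
        return key
    if production:
        raise RuntimeError("SECRET_KEY must be set in production")
    return DEV_SECRET_KEY


def sign(key, value):
    """HMAC-SHA256 tag; stands in for Flask's signed session/CSRF token."""
    return hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()


def verify(key, value, tag):
    """Constant-time check that the tag was produced with this key."""
    return hmac.compare_digest(sign(key, value), tag)


def token_survives_restart(key_at_start, key_after_restart):
    """Issue a token before a restart and check it with the key in use afterwards."""
    tag = sign(key_at_start, "csrf-token-for-form")
    return verify(key_after_restart, "csrf-token-for-form", tag)


if __name__ == "__main__":
    # Key regenerated on every start: the token issued earlier is rejected.
    print(token_survives_restart(secrets.token_hex(32), secrets.token_hex(32)))
    # Key resolved the same way on every start: the token still verifies.
    print(token_survives_restart(resolve_secret_key({}, False),
                                 resolve_secret_key({}, False)))
    # One-time generation of a deployment key, stored outside the code.
    print("SECRET_KEY=" + secrets.token_hex(32))
```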