Intentionally fail if in production and SECRET is not set
We should not just generate a random SECRET at runtime when in production, as the resulting behavior would be confusing for users/admins.
I think we should fail with an appropriate message instead.
This would also help with !84 (comment 8013)