Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy.

Django apps initialization to run management command triggers the admin
autodiscovery. Importing django.contrib.auth.tokens creates an instance
of PasswordResetTokenGenerator which required a SECRET_KEY.

For several management commands, the token generator is unused. It
should only complain about a missing SECRET_KEY when it is used.

django/contrib/auth/tokens.py

@@ -12,12 +12,19 @@ class PasswordResetTokenGenerator:
     """
     key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
     algorithm = None
-    secret = None
+    _secret = None
 
     def __init__(self):
-        self.secret = self.secret or settings.SECRET_KEY
         self.algorithm = self.algorithm or 'sha256'
 
+    def _get_secret(self):
+        return self._secret or settings.SECRET_KEY
+
+    def _set_secret(self, secret):
+        self._secret = secret
+
+    secret = property(_get_secret, _set_secret)
+
     def make_token(self, user):
         """
         Return a token that can be used once to do a password reset