Don't generate API keys with random.choice
Pagure uses pagure.lib.login.id_generator to generate API tokens, hook
tokens, etc, which is backed by random.choice. random.choice is backed
by the Mersenne Twister PRNG, which is *not* a CSPRNG and should never
be used for any security-related purposes[0].
Use the secrets API if it's available, and fall back to random backed by
/dev/urandom.
[0] https://docs.python.org/3/library/random.html
Signed-off-by: Jeremy Cline <jcline@redhat.com>