We have decided against including an insecure default key with a mere
warning. Therefore, unlike the admin and user secrets, the availability
of this secret is a hard requirement. The instance will not be able to
start before a secret has been generated manually or by a management
tool.
