Increase the security of JWT token generation by using DJANGO_SECRET_KEY as well as user-specific salt for the signature
Reported by https://eldritch.cafe/@alice (related to a security audit conducted for !826 (merged))
This will invalidate existing token, but ensure that an attacker with access to the DB cannot forge tokens in the future (they'd need access to the SECRET_KEY as well).