Initialize SecureRandom only once

[loheander]

On many linux platforms it can take a long time to initialize SecureRandom since it uses a blocking filesystem call to /dev/random to generate its seed. In a production environment where you are signing thousands of JWT tokens all this blocking IO adds up and starts to consume a significant part of the app resources.

This pull request changes the code so that the SecureRandom object is only created and seeded once and thereafter reused. This gives the same highly secure random bytes, just using less system resources.