djoser
The endpoint reset_password takes longer if the email exists
Thank you for the great work.
During the integration of djoser into our application, it appeared to me that the endpoint /users/reset_password/ takes longer if the requested email exists. This could potentially allow an attacker to find out whether a provided email address exists. One possible way to circumvent this is to add a random delay in both cases (at least as long as PASSWORD_RESET_SHOW_EMAIL_NOT_FOUND = False).
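The timing difference described above, reproduced and then removed, as an added example that is not djoser's code. It assumes a constructed in-memory user store, a fake mailer whose send() stands in for the SMTP round trip, and a hypothetical hardened view that queues the email for a background worker and pads every response to a fixed wall-clock floor instead of adding a random delay (a random delay averages out if the attacker samples repeatedly; a fixed floor does not).

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

# Constructed demo user store; stands in for the Django user model.
USERS = {"alice@example.com": {"id": 1}}

# Per-process secret for the demo reset token (assumption, not djoser's token generator).
SECRET = os.urandom(32)


def make_reset_token(user):
    """HMAC over user id and issue time; only runs when the email exists."""
    msg = f"{user['id']}:{int(time.time())}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


@dataclass
class FakeMailer:
    """Simulates an SMTP call: slow, and only invoked for known addresses."""
    delay: float = 0.05
    sent: list = field(default_factory=list)

    def send(self, to, token):
        time.sleep(self.delay)  # constructed stand-in for network latency
        self.sent.append((to, token))


def leaky_reset(email, mailer):
    """Mirrors the reported behaviour: token + email work happens inline, but only
    for existing accounts, so the response time reveals existence."""
    user = USERS.get(email)
    if user is not None:
        mailer.send(email, make_reset_token(user))
    return {"status": 204}


def hardened_reset(email, outbox, min_seconds=0.15):
    """Same response and same minimum duration whether or not the email exists.
    The email is queued for a background worker rather than sent inline, and
    the handler pads to a fixed floor so the cheap path cannot be distinguished
    from the expensive one."""
    started = time.monotonic()
    user = USERS.get(email)
    if user is not None:
        outbox.append((email, make_reset_token(user)))
    remaining = min_seconds - (time.monotonic() - started)
    if remaining > 0:
        time.sleep(remaining)
    return {"status": 204}


def timed(fn, *args):
    """Return (result, elapsed_seconds) for one call, as an attacker would measure it."""
    t0 = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - t0


def timing_gap(fn, *extra):
    """Absolute difference in response time between a known and an unknown address."""
    _, t_known = timed(fn, "alice@example.com", *extra)
    _, t_unknown = timed(fn, "nobody@example.com", *extra)
    return abs(t_known - t_unknown)


if __name__ == "__main__":
    print("leaky gap:    %.3fs" % timing_gap(leaky_reset, FakeMailer()))
    print("hardened gap: %.3fs" % timing_gap(hardened_reset, []))
```

The floor must cover the slowest legitimate path (database lookup plus token generation), and the background worker should be what actually contacts the mail server; if the send stays inline, no padding short of the full SMTP latency closes the gap.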