configure shared secrets by default

[willb]

There is a remote code execution vulnerability in the Spark master (CVE-2018-17190). This is not urgent for our deployments (if you can run arbitrary code in an OpenShift project, you don't need to exploit the Spark master to do it), but the workaround (enabling authentication) is fairly simple.

We should generate a shared secret on cluster creation and set spark.authenticate to true.

references:

• https://nvd.nist.gov/vuln/detail/CVE-2018-17190
• https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
• https://spark.apache.org/docs/latest/security.html