initial_password: Add explicit development environment assertion.

The construction of INITIAL_PASSWORD_SALT is such that it should only
be set in development environments, but we should enforce this rule.

zerver/lib/initial_password.py

@@ -10,6 +10,10 @@ def initial_password(email: str) -> Optional[str]:
     created by populate_db."""
 
     if settings.INITIAL_PASSWORD_SALT is not None:
+        # We check settings.DEVELOPMENT, not settings.PRODUCTION,
+        # because some tests mock settings.PRODUCTION and then use
+        # self.login, which will call this function.
+        assert settings.DEVELOPMENT, "initial_password_salt should not be set in production."
         encoded_key = (settings.INITIAL_PASSWORD_SALT + email).encode()
         digest = hashlib.sha256(encoded_key).digest()
         return base64.b64encode(digest)[:16].decode()