baicunko / scanyourpdf

Repository for the Scan Your Pdf community
MIT License
614 stars, 46 forks

Use a more secure way of generating a random file suffix. #4

Closed lewiscollard closed 4 years ago

lewiscollard commented 4 years ago

(Hi, me from HN again!)

Currently, filenames were being generated by appending four random lower-case digits. This meant that there were only 456976 possible prefixes, which is more than reasonable to brute-force, even with the hourly removal of files in the cron job. It is also using random, which is documented as not suitable for generating secure tokens.

In its place, we can use secrets.token_urlsafe(8), which is 8 bytes of randomness, or 1.8446744e+19 possible filenames. I think this is sufficiently safe, especially with the cleanup task removing files every hour.

Bonus changes: I re-grouped and re-arranged (stdlib imports, then package imports, then local imports) the imports, and removed an unused one.
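The two suffix schemes the pull request contrasts, side by side, as an added example that is not part of the pull request or the project's code; `build_filename` is a hypothetical helper showing where such a suffix would be attached, and the keyspace figures are the ones quoted above:

```python
import os
import random
import secrets
import string

# Old scheme described in the PR: four random lower-case letters drawn with
# the `random` module, which is not suitable for security-sensitive tokens.
def insecure_suffix() -> str:
    return "".join(random.choice(string.ascii_lowercase) for _ in range(4))

# Replacement scheme: 8 bytes from the OS CSPRNG, URL-safe base64 encoded
# (11 characters, padding stripped), so 2**64 possible suffixes.
def secure_suffix() -> str:
    return secrets.token_urlsafe(8)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct suffixes a scheme can produce: alphabet ** length."""
    return alphabet_size ** length

def build_filename(original: str, suffix: str) -> str:
    """Attach a suffix to an uploaded file's stem, dropping any directory
    component the client supplied (hypothetical helper, not the project's)."""
    stem, ext = os.path.splitext(os.path.basename(original))
    return f"{stem}-{suffix}{ext}"

if __name__ == "__main__":
    print("old keyspace:", keyspace(26, 4))    # 456976
    print("new keyspace:", keyspace(256, 8))   # 18446744073709551616
    print(build_filename("report.pdf", secure_suffix()))
```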

baicunko commented 4 years ago

Thanks, in fact someone tried yesterday to brute force the media folder. A rate limit in nginx fixed this, but this is way more appropriate. If I'm not correctly merging the pull requests please tell me! First time managing this haha