Generated password are logged without an "unsuitable for production use" note

Currently `ReactiveUserDetailsServiceAutoConfiguration` and `UserDetailsServiceAutoConfiguration` log generated passwords so that they can be used by the developer. We should include an additional note to let them know that they should not go to production without setting a real one.