I noticed this on the HA branch, but it seems to actually affect non-HA branch 0.23 if security is enabled. When the NN starts up, if security is enabled, we start the delegation token secret manager, which then tries to call logUpdateMasterKey. This fails because the edit logs may not be written while in safe-mode.
It seems to me that there's not any necessary reason that you have to make a new master key at startup, since you've loaded the old key when you load the FSImage. You'd only be lacking a DT master key on a fresh cluster, in which case we could have it generate one at format time.