The documentation for Ed25519-dalek states the following for Secretkey:
The caller is responsible for ensuring that the bytes represent a masked secret key.
https://docs.rs/ed25519-dalek/0.3.2/ed25519_dalek/struct.SecretKey.html
What does a masked secret key mean in this context?
You're looking at an older version of the library, where SecretKey was 64 bytes, consisting of the 32-byte raw secret key, followed by the hashed and masked/clamped secret key scalar multiplied by the base point to produce a 32-byte public key.
The comment is unclear, but if you were expecting to simply provide random bytes to the SecretKey initializer, the signing process would break.
The library has been completely rewritten since then, and the new constructor can simply be given 32 random bytes.
