Harden issuance of API tokens

When creating API tokens, debusine currently stores the actual tokens in its database and when the user later visits the token page, all earlier issued tokens can be displayed. I think this is not industry practice. A token should only be displayed to the user once. The database should only store a trapdoor function of the token. In case the database is compromised (information disclosure), an attacker cannot use the saved tokens if they are protected with a trapdoor function (defense-in-depth). Users are trained to issue a new token for each use making it easier to revoke tokens as reuse becomes unlikely. For comparison, see how gitlab/salsa issues tokens. Also consider expiring tokens (opt-out?).

Meta: This issue is rather low priority and it is expected that it can be fixed at a later time without increasing the development cost. The database migration would be irreversible.
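The issuance scheme proposed above (show the token once, persist only a one-way hash, support expiry and revocation) as an added illustration; this is example code, not debusine's implementation, and the in-memory `STORE` dict is a constructed stand-in for the database table:

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class StoredToken:
    # Only the digest is kept; the plaintext token is never written anywhere.
    token_hash: str
    user: str
    expires_at: Optional[datetime]   # None means the token never expires
    revoked: bool = False

# Constructed stand-in for the database table, keyed by token digest.
STORE: dict[str, StoredToken] = {}

def token_digest(token: str) -> str:
    # Tokens are high-entropy random strings, so a fast one-way hash is
    # enough; a slow KDF is only needed for low-entropy secrets like passwords.
    return hashlib.sha256(token.encode("ascii")).hexdigest()

def issue_token(user: str, ttl: Optional[timedelta] = timedelta(days=90),
                now: Optional[datetime] = None) -> str:
    """Create a token, persist only its hash, return the plaintext exactly once."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)            # 256 bits of randomness
    digest = token_digest(token)
    STORE[digest] = StoredToken(token_hash=digest, user=user,
                                expires_at=(now + ttl) if ttl else None)
    return token  # the caller displays this once; it cannot be recovered later

def authenticate(token: str, now: Optional[datetime] = None) -> Optional[str]:
    """Return the owning user for a valid, unexpired, unrevoked token, else None."""
    now = now or datetime.now(timezone.utc)
    record = STORE.get(token_digest(token))
    if record is None or record.revoked:
        return None
    if record.expires_at is not None and now >= record.expires_at:
        return None
    return record.user

def revoke_token(token_hash: str) -> bool:
    """Revoke by digest, which is all the token page needs to show the user."""
    record = STORE.get(token_hash)
    if record is None:
        return False
    record.revoked = True
    return True
```

A compromised copy of `STORE` yields only digests, which cannot be presented as tokens, so the trapdoor property gives the defense-in-depth the issue asks for.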