Prefixed tokens

@Mstrodl was talking to me over how the tokens in https://gitlab.com/luna/litecord were always the same, and since elixi.re uses kind of the same authentication flow, I looked over and the same "issue" was happening, issue with quotemarks because it is a problem but only in the case of a token leak or a db leak, which did not happen in current production.

The changes in this MR are as follows:

• All tokens will use more information to feed Signer / TimestampSigner
  • This is a shared secret that can be quickly changed in the case of a DB leak, making it infeasible for an attacker to generate tokens, given the password hash.
• All newly issued API keys will follow a new format
  • They will use TimestampSigner
  • They will have a u prefix (for "uploader token", in frontend)
• All old API keys will still be functional for any amount of time (1 month).

I'm asking for approval from all core developers before merging as those are changes in the core of authentication flow and have backwards-breaking changes (at least after the 1 month timeframe).