Access Tokens should be hidden by default upon loading a page
Problem
When a user visits https://gitlab.com/-/profile/personal_access_tokens, the feed token and incoming email token are displayed on screen by default. This is not good from a security perspective. If a user is screen sharing, on a webcast, or a nefarious person is overlooking their screen, the onlookers can immediately get their tokens.
Proposal
Passwords and tokens should be hidden by default and a user should have to click a button to reveal the token or password. This approach would prevent accidental disclosure.
Implementation plan
- Move app/assets/javascripts/runner/components/registration/registration_token.vue to vue_shared directory as masked_token.vue
- Create a mount point in app/views/profiles/personal_access_tokens/index.html.haml#L35
- Create a new component feed_and_email_token.vue in app/assets/javascripts/access_tokens that uses masked_token.vue
- Mount the new feed_and_email_token.vue component
Edited by Peter Hegman
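A framework-free sketch of the hidden-by-default behaviour proposed above, applied to the feed token and incoming email token. It is an added example, not GitLab's masked_token.vue; the function names, markup, and sample token values are assumptions constructed for illustration.

```javascript
// Hypothetical names throughout; this is not GitLab's masked_token.vue.
const MASK = '*'.repeat(20); // fixed length, so the mask does not leak token length

const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

function createMaskedToken(label, token) {
  let revealed = false; // hidden on page load; only a user click changes this

  return {
    isRevealed: () => revealed,
    toggle() {
      revealed = !revealed;
      return revealed;
    },
    // What is written into the page: the real token only after an explicit reveal.
    displayValue: () => (revealed ? token : MASK),
    // A copy button can use the real value without ever putting it on screen.
    copyValue: () => token,
    render() {
      const action = revealed ? 'Click to hide' : 'Click to reveal';
      return (
        `<label>${escapeHtml(label)}` +
        `<input readonly value="${escapeHtml(this.displayValue())}"></label>` +
        `<button type="button" aria-label="${action}">${action}</button>`
      );
    },
  };
}

// Constructed sample values, not real tokens.
function demoPage() {
  const fields = [
    createMaskedToken('Feed token', 'feed-EXAMPLE-0001'),
    createMaskedToken('Incoming email token', 'mail-EXAMPLE-0002'),
  ];
  const onLoad = fields.map((f) => f.render()).join('\n');
  fields[0].toggle(); // the user reveals only the feed token
  const afterClick = fields.map((f) => f.render()).join('\n');
  return { onLoad, afterClick };
}
```

Each field keeps its own state, so revealing one token during a screen share leaves the other masked.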