Don't store `users.static_object_token` in plaintext

Extracted from #199716 (closed) to simplify the issue flow.

Problem

With gitlab-foss!31025 (merged), we introduced a new token field (users.static_object_token) without digesting or encrypting the value.

We shouldn't store any in plaintext and we should also migrate existing ones.