Don't store `users.static_object_token` in plaintext
Extracted from #199716 (closed) to simplify the issue flow.
Problem
With gitlab-foss!31025 (merged), we introduced a new token field (users.static_object_token
) without digesting or encrypting the value.
Proposal
We shouldn't store any in plaintext and we should also migrate existing ones.