Improve calendar token authentication security
for #1112 (closed) Previously there would have been a tiny chance of two identical tokens being issued.
- also in prep for allowing different scopes of tokens for #1173 thus a concern
- also update puma due to CVE (version 6 breaks some system tests so we stick to 5)
Edited by Michael Prilop