[Feature Request] Update API key generation to use HMAC #1475

@golanglemonade

Description

After re-reviewing core#284 it was determined that argon2id was not an appropriate mechanism for securing API tokens. While the thought was initially valid, the encryption + decryption / verification methods are meant for low entropy human passwords (it's slow and memory-hard to resist brute-forcing weak passwords). API tokens should be high entropy random strings, so using argon2id for them would be computationally expensive, without adding much security.

theopenlane/iam#375 adds a new function to store and retrieve API tokens.

These should be in the format:
<public_id>

To accomplish this we want to:

  • Add two new fields to the token schemas (both API + personal access tokens), token_public_id and token_secret. Leave the existing token field to ensure backwards compatibility; we will drop this field in the future.
  • Update the hooks to generate the token using the new functions and store those in the new fields:
    version, secret, err := tokens.GenerateAPITokenKeyMaterial()
  • Update the auth middleware to use the new VerifyAPIToken function to determine the tokenID for looking up in the database.

See the README for more detailed information and examples of the setup:
https://github.com/theopenlane/iam/blob/b5e86df87fa7553d70a5ab67d01d6111fb9f16a6/tokens/README.md

You'll need to pull in iam v0.22.0 first into the core repo to do this. Be sure to run:

task config:generate

to get the new config settings, and update them as needed. Token manager settings are configured in the serverOpts.
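The following is an added illustration of the scheme the issue describes, written for this page; it is not the iam library's code (the README linked above documents the real GenerateAPITokenKeyMaterial / VerifyAPIToken API). It shows why a keyed HMAC is the right fit for a high-entropy secret: generation draws 256 random bits, the database keeps only a public id plus HMAC-SHA256(serverKey, secret) under a key version, and verification looks the row up by public id and compares in constant time. The `<public_id>.<secret>` token layout, the `ServerKeys` map and the key-version handling are assumptions for illustration, not the project's format.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// currentKeyVersion selects which server-side HMAC key signs new tokens; the
// stored row records the version so keys can be rotated later. (Assumed design.)
const currentKeyVersion = 1

// ServerKeys maps key version -> server-side HMAC key loaded from config
// (assumed shape; the real token manager is configured via serverOpts).
type ServerKeys map[int][]byte

// StoredToken is what the database row keeps. The raw secret is never stored,
// only its HMAC, so a database leak does not yield usable tokens.
type StoredToken struct {
	PublicID string // token_public_id: random, safe to log and index
	Version  int    // key version used to produce MAC
	MAC      []byte // token_secret: HMAC-SHA256(serverKey, secret)
}

var enc = base64.RawURLEncoding

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return b, nil
}

// macSecret is cheap on purpose: a 256-bit random secret does not need a slow,
// memory-hard password hash such as argon2id to resist guessing.
func macSecret(key, secret []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(secret)
	return m.Sum(nil)
}

// GenerateAPIToken mints a token in the assumed "<public_id>.<secret>" layout.
// The returned string is shown to the caller once; only StoredToken is persisted.
func GenerateAPIToken(keys ServerKeys) (string, StoredToken, error) {
	key, ok := keys[currentKeyVersion]
	if !ok {
		return "", StoredToken{}, errors.New("no server key for current version")
	}
	id, err := randomBytes(16)
	if err != nil {
		return "", StoredToken{}, err
	}
	secret, err := randomBytes(32)
	if err != nil {
		return "", StoredToken{}, err
	}
	pub := enc.EncodeToString(id)
	token := pub + "." + enc.EncodeToString(secret)
	return token, StoredToken{PublicID: pub, Version: currentKeyVersion, MAC: macSecret(key, secret)}, nil
}

// VerifyAPIToken parses a presented token, fetches the row by public id via
// lookup, and compares HMACs in constant time. On success it returns the
// public id so the caller can load the token's owner and scopes.
func VerifyAPIToken(keys ServerKeys, token string, lookup func(publicID string) (StoredToken, bool)) (string, error) {
	pub, sec, ok := strings.Cut(token, ".")
	if !ok || pub == "" || sec == "" {
		return "", errors.New("malformed token")
	}
	secret, err := enc.DecodeString(sec)
	if err != nil {
		return "", errors.New("malformed token secret")
	}
	rec, found := lookup(pub)
	if !found {
		return "", errors.New("unknown token")
	}
	key, ok := keys[rec.Version]
	if !ok {
		return "", errors.New("unknown key version")
	}
	if !hmac.Equal(macSecret(key, secret), rec.MAC) {
		return "", errors.New("invalid token")
	}
	return pub, nil
}

func main() {
	keys := ServerKeys{currentKeyVersion: []byte("constructed-demo-key-do-not-use")}
	token, rec, err := GenerateAPIToken(keys)
	if err != nil {
		panic(err)
	}
	db := map[string]StoredToken{rec.PublicID: rec} // stand-in for the token table
	lookup := func(id string) (StoredToken, bool) { r, ok := db[id]; return r, ok }
	id, err := VerifyAPIToken(keys, token, lookup)
	fmt.Println("verified public id:", id, "err:", err)
}
```

Because the public id is separate from the secret, the middleware can index and log it freely, and a wrong key version or an unknown id fails before any comparison; `hmac.Equal` keeps the final check constant-time regardless of where the MACs differ.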
