Refactor Access Tokens (#2651)

- Make session token-based instead of user-based
- Clear current session access tokens on logout
- Introduce increment ID so we can show tokens to moderators in the future without exposing secrets
- Switch to type classes to manage the different token types. New implementation fixes #2075
- Drop ability to customize lifetime per-token
- Add developer access keys that don't expire. These must be created from the database for now
- Add title in preparation for the developer token UI
- Add IP and user agent logging
- Delete all non-remember tokens in migration

tests/integration/api/authentication/WithTokenTest.php

@@ -60,7 +60,7 @@ class WithTokenTest extends TestCase
 
         // ...and an access token belonging to this user.
         $token = $data['token'];
-        $this->assertEquals(2, AccessToken::findOrFail($token)->user_id);
+        $this->assertEquals(2, AccessToken::whereToken($token)->firstOrFail()->user_id);
     }
 
     /**