Token hardening.

[jschwartzentruber]

The current API token for crash reporting during fuzzing is an unrestricted token shared by all fuzzing instances and also used for local team members during ad-hoc fuzzing. In the event of a token leak, all crash and signature data on the server can be read.

Some possibilities for improvements:

1. Add capability for tokens to be write-only for use by fuzzing instances. Done
2. Implement token expiry to force rotation.
3. Rate limit tokens to a reasonable maximum to prevent a leaked write-only token from flooding the server.
4. Segment tokens by tool so tokens can only report crashes for the intended tool.

[jschwartzentruber]

5. IP restrictions for API usage. Automation tokens should be restricted to the datacentres we're using.

[jschwartzentruber]

2b. django-rest-knox supports token expiry, which could be bumped whenever last-login is updated by UI login. This also solves the problem that SSO account disable does not invalidate tokens.