MDL-76656 introduces functionality to make the webservice token only viewable once directly after creation.  After that the token is not accessible again by anyone via the UI. However the raw token is still stored in the database.

This issue is to convert the raw tokens in the DB into crytographic hashes and store that. Exactly the same as we store passwords.

We should try to reuse the same methods that make crytographic hashes user passwords for this functionality.  This prevents code duplication etc.