Add new model OrgAuthToken based on existing ApiToken model

[mydea]

We will add a new model OrgAuthToken with the following properties:

• organization
• name - note that this is required in order to identify the token
• token_hashed - the JWT token - we'll store this as a hash
• token_last_characters- the last characters of the original token, to be shown to the user (e.g. "ends with ABCD")
• scope_list - for now can only contain org:ci, but in the future maybe more.
• date_added
• user_added
• date_last_used
• project_last_used

We decided against re-using/extending the ApiToken model, as there are too many differences and may lead to more confusion/problems.

Some important things:

• token is only viewable after creation.
• Only the name & projects may be edited - the scopes may not.
• Although the token is JWT, we do not want to authorize anything directly from the token, but only use it as carrier for information
• We decided against allowing projects for now, as that complicates stuff with HybridCloud considerably. We may add this later.

Future things

• Make sure to reference it in the audit log

[mydea]

Note: We decided to make the name of the token required. This is also this way e.g. for github tokens, and makes especially sense as we want to hide the token from the UI, making it hard to identify them.

[AniketDas-Tekky]

Hey, is there a tech spec for this change available? This is a pretty substantial change I want to make sure we've done our due diligence in investigating the implications of adding a new token type.

[mydea]

Hey, the RFC outlining this is here: getsentry/rfcs#91