We now always reload the token store on a config reload to make our

behaviour identical to that of the htpasswd store. This allows

administrators to revoke tokens and trigger a reload without restarting

the server.
Additionally, we were setting the token store early in

setConfigUnsafe, which resulted in a partial state update if there

was an error later. We now make sure to update either everything or

nothing.
Testing done:

Ran go fmt ./....

Ran go test ./....

Ran go fmt ./....

Ran go test ./....