Update the BaseWebAPIToken model for API Tokens v2

Review Request #12341 — Created June 6, 2022 and submitted — Latest diff uploaded

Information

Djblets
release-3.x

This change is the first in a series of changes for improving our API Tokens
(which we'll refer to as API Tokens v2). Currently, Djblets generates tokens
using SHA1, which has the following disadvantages:
- Tokens aren't able to be validated or identified from other SHA1 tokens.
- Can't use secret scanning to detect leaked tokens.
- Aren't as secure as some modern counterparts.

In response, we are moving towards a new token format that contains a
vendor/category prefix and can be validated through a checksum. Additionally,
we want to be able to support token expiration and invalidation, which we
currently don't do. Since we are moving away from an old token format, we also
need support for token deprecation.

In this change we modify the API tokens model to allow the possibility for
new token types, expiration, and invalidation. The following changes are made
to the BaseWebAPIToken model:
- Adding expires field and an is_expired method.
- Adding valid, invalid_date and invalid_reason fields.
- Adding token_generator_id field.
- Adding last_used field.
- Updating max length of token to 255 characters.

The token authentication backends were also updated to block authentication
if an expired or invalid token was used. We also added help texts for all
of the BaseWebAPIToken fields for better clarity.

  • Ran unit tests in djblets.webapi.tests
  • Manually tested token authentication when making requests with curl
    and rbt api-get
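
The prefix-plus-checksum token idea described above, sketched as an added example that is not part of this change or of Djblets' code. The `exmp` prefix, the 32-character base62 body and the CRC32 checksum are assumptions chosen for illustration, not the format Djblets uses.

```python
import re
import secrets
import string
import zlib

ALPHABET = string.digits + string.ascii_letters  # base62
PREFIX = "exmp"   # hypothetical vendor/category prefix
BODY_LEN = 32     # random characters carrying the entropy
CHECK_LEN = 6     # 62**6 > 2**32, so any CRC32 value fits


def _b62(n, width):
    """Encode n as a fixed-width base62 string."""
    out = ""
    for _ in range(width):
        n, r = divmod(n, 62)
        out = ALPHABET[r] + out
    return out


def _checksum(body):
    # The checksum is not a secret; it only lets tools reject look-alikes offline.
    return _b62(zlib.crc32(body.encode("ascii")), CHECK_LEN)


def generate_token(prefix=PREFIX):
    body = "".join(secrets.choice(ALPHABET) for _ in range(BODY_LEN))
    return f"{prefix}_{body}{_checksum(body)}"


def is_well_formed(token, prefix=PREFIX):
    """Validate prefix, length, alphabet and checksum without a database lookup."""
    head, sep, rest = token.partition("_")
    if head != prefix or not sep or len(rest) != BODY_LEN + CHECK_LEN:
        return False
    if any(c not in ALPHABET for c in rest):
        return False
    return rest[BODY_LEN:] == _checksum(rest[:BODY_LEN])


_CANDIDATE = re.compile(
    rf"(?<![0-9A-Za-z]){PREFIX}_[0-9A-Za-z]{{{BODY_LEN + CHECK_LEN}}}(?![0-9A-Za-z])")


def scan_for_leaks(text):
    """Secret scanning: regex finds candidates, the checksum drops false positives."""
    return [m for m in _CANDIDATE.findall(text) if is_well_formed(m)]
```

A bare 40-character SHA1 hex string offers neither hook: a scanner cannot tell it apart from a commit ID or file hash.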
