This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.
Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.
The makes it possible to rotate keys.
