This commits introduces a new data model for holding api keys for the
API. The keys are stored in the database with a prefix and a hash and
bcrypt with 10 passes is used to store the hash and it is "one way
safe".
Api keys have an expiry logic similar to pre auth keys.
A key cannot be retrieved after it has created, only verified.
