Save hashed token in the couchdb instead of the plain token

The webapp should save a hashed version of the token instead of the plain version in order to reduce possible timing attacks based on token lookup.

(from redmine: created on 2013-08-05, closed on 2014-05-29)