Enable Doorkeeper token/application secret hashing

- Enable `hash_application_secrets` and `hash_token_secrets` in Doorkeeper initializer for improved security.
- This stores application secrets and access tokens as hashes in the database, reducing risk if the database is compromised.
- Note: `hash_token_secrets` is incompatible with `reuse_access_token`, so token reuse is now disabled/removed (see warning in Doorkeeper docs).
- For more details, see: https://doorkeeper.gitbook.io/guides/security/token-and-application-secrets

Author: aaronskiba

config/initializers/doorkeeper.rb

@@ -36,12 +36,14 @@
 
   # set the token endpoint configurations
   access_token_expires_in 2.hours
-  reuse_access_token
 
   # enable refresh tokens of duration 90 days
   use_refresh_token expiry: 90.days
 
   # enable ssl requirement for redirect url
   # - Allow HTTP in test and development environments
   force_ssl_in_redirect_uri !(Rails.env.test? || Rails.env.development?)
+
+  hash_application_secrets
+  hash_token_secrets
 end