Hash tokens in SubjectRepo

API Tokens are currently stored in plaintext, which creates a security vulnerability. We should hash the tokens in the DB, and use those when authenticating the requests.

Additional modifications needed:
- Guest and Admin tokens must be communicated once (and not saved in an external persistent file)
- `/subjects` endpoint should not return the tokens (neither hashed nor plaintext)