auth: Consider django secret fallbacks when decrypting user token

Generated bearer tokens are stored encrypted in webapp database.

To encrypt a token, the django secret is used plus the user id as salt.

Previously, secret rotation was not taken into account which could result in token that could no longer be decrypted.

So handle fallback secrets when attempting to decrypt a token and re-encrypt token with new django secret when secret was rotated.

Also, return a more meaningful error when a secret could not be decrypted.