Modularize temporary token types

Summary:
Ref T10603. For LFS, we need to issue a new type of temporary token.

This makes the temporary token code modular so applications can add new token types without modifying the Auth application.

(I'm moving slowly here because it impacts authentication.)

Test Plan:

• Used bin/auth recover to get a one-time token from the CLI.
• Used "Forgot your password?" to get a one-time token from the web UI.
• Followed the web UI token to initiate a password reset, prompting generation of a password token.
• Viewed these tokens in the web UI:

{F1176908}

• Revoked a token.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15475