
Prevent API tokens from using /-/create-token to create more tokens #1857

@simonw


It strikes me that users should NOT be able to use a token to create additional tokens.

The current design actually does allow that, since the dstok_ Bearer token can be used to authenticate calls to the /-/create-token page.

So I think I need a mechanism whereby that page can only allow access to users authenticated by cookie.

Not obvious how to do that though, since Datasette's authentication actor system is designed to abstract that detail away!

Originally posted by @simonw in #1850 (comment)
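
One way to get the behaviour this issue asks for, as an added example that is not Datasette's own code: the actor records which credential type produced it, and the token-creating view accepts only cookie-authenticated actors. The `auth_via` key, the function names, and the sample credentials are assumptions made for illustration.

```python
import secrets

# Constructed sample credential stores (not real values).
SESSION_COOKIES = {"sess-constructed": "root"}
API_TOKENS = {"dstok_constructed": "root"}


class Forbidden(Exception):
    pass


def resolve_actor(headers, cookies):
    """Return an actor dict that records which credential type produced it."""
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.startswith("dstok_"):
        # A presented token always decides the outcome. An invalid token
        # fails closed instead of falling back to any cookie also sent.
        actor_id = API_TOKENS.get(value)
        if actor_id is None:
            return None
        return {"id": actor_id, "auth_via": "token"}  # hypothetical key
    actor_id = SESSION_COOKIES.get(cookies.get("session", ""))
    if actor_id is None:
        return None
    return {"id": actor_id, "auth_via": "cookie"}


def create_token_view(headers, cookies):
    """Stand-in for the /-/create-token handler."""
    actor = resolve_actor(headers, cookies)
    if actor is None:
        raise Forbidden("authentication required")
    if actor["auth_via"] != "cookie":
        # Same actor id, but the credential type is what matters here:
        # a leaked token must not be able to mint replacements for itself.
        raise Forbidden("tokens cannot be used to create additional tokens")
    return "dstok_" + secrets.token_hex(16)  # placeholder issuance


if __name__ == "__main__":
    print(create_token_view({}, {"session": "sess-constructed"}))
    try:
        create_token_view({"authorization": "Bearer dstok_constructed"}, {})
    except Forbidden as exc:
        print("rejected:", exc)
```

A request carrying both a session cookie and a Bearer token is treated as token-authenticated, so attaching a cookie does not widen what a token can do.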
