fix(auth): prevent token collisions and optimise lookups

Ensures access tokens are unique across both user and appservice tables to
prevent authentication ambiguity and potential security issues.

Changes:
- On startup, automatically logout any user devices using tokens that
  conflict with appservice tokens (resolves in favour of appservices)
  and log a warning with affected user/device details
- When creating new user tokens, check for conflicts with appservice tokens
  and generate a new token if a collision would occur
- When registering new appservices, reject registration if the token is
  already in use by a user device
- Use futures::select_ok to race token lookups concurrently for better
  performance (adapted from tuwunel commit 066097a8)

This fix-forward approach resolves existing token collisions on startup
whilst preventing new ones from being created, without breaking existing
valid authentications.

The find_token optimisation is adapted from tuwunel (matrix-construct/tuwunel)
commit 066097a8: "Optimize user and appservice token queries" by Jason Volk.

src/service/appservice/mod.rs

@@ -133,10 +133,10 @@ impl Service {
 			.await
 			.is_ok()
 		{
-			return err!(Request(InvalidParam(
+			return Err(err!(Request(InvalidParam(
 				"Cannot register appservice: The provided token is already in use by a user \
 				 device. Please generate a different token for the appservice."
-			)));
+			))));
 		}
 
 		self.db
@@ -182,12 +182,13 @@ impl Service {
 			.map(|info| info.registration)
 	}
 
-	pub async fn find_from_token(&self, token: &str) -> Option<RegistrationInfo> {
+	pub async fn find_from_token(&self, token: &str) -> Result<RegistrationInfo> {
 		self.read()
 			.await
 			.values()
 			.find(|info| info.registration.as_token == token)
 			.cloned()
+			.ok_or_else(|| err!(Request(NotFound("Appservice token not found"))))
 	}
 
 	/// Checks if a given user id matches any exclusive appservice regex