Access Tokens page

We’ve added a dedicated Access Tokens settings page so developer credentials live in their own section.

• Create access tokens with a label, expiry, and scope (read-only, full access, billing) — the token value is shown once and copyable.
• Rotation is one click; the previous token remains valid for a grace period to allow seamless cutover.
• Revoke tokens individually or in bulk; revoked tokens stop working immediately.
• The form submission flow is hardened so resubmitting the form during slow API responses no longer creates duplicate tokens.

This complements the existing Signing Keys page (used for media signing) — the two surfaces live next to each other under Settings > Developer.