API keys are high-entropy secure random strings. This means that the
additional work factor of functions like PBKDF or bcrypt are not
necessary, and a faster hash function like salted SHA-256 provides
adequate security against offline attacks (hash collision, brute force,
etc.).
This PR adds `SSHA-256` to the list of supported stored hash algorithms
for API key secrets, and makes it the default algorithm. Additionally,
this PR changes the format of API key secrets, moving from an encoded
UUID to a random string which increase the entropy of API keys from 122
bits to 128 bits, without changing overall secret length.
Relates: ES-9504
51b4fffb5e