💡Use token file instead of CLI argument in cloudflared service install for improved security

[RichardThiessen]

• Current behavior: Token passed as --token CLI argument, visible in process list
• Proposed: Use --token-file by default, write token to /etc/cloudflared/token with mode 600
• Benefit: Prevents token exposure via ps, /proc, service file, system logs

I was very surprised when running ps on my system after install to see my tunnel token visible. The default setup allows any other process on the machine (not containerized or otherwise isolated) to steal the tunnel token.

file implementing the functionality: https://github.com/cloudflare/cloudflared/blob/master/cmd/cloudflared/linux_service.go