jenkins-rundeck-plugin
Rundeck auth token should not be kept in plain text form
Currently the auth token (API key) in Jenkins is kept in plain text format and can be seen using the Jenkins/project configuration page and by browsing Jenkins configuration files.
Fortunately, access to those pages should be restricted, and in addition an auth token allows an attacker a smaller number of operations. Nevertheless, having an auth token allows executing arbitrary operations as the user configured in Jenkins. In addition, it complicates bootstrapping Jenkins instances (as that file has to be additionally protected).
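An audit for the condition reported above, added here as an example and not taken from the plugin or the original report: it walks Jenkins XML configuration and flags token-like elements whose value is not in the brace-wrapped form that Jenkins' `hudson.util.Secret` writes for encrypted values. The element name `authToken`, the descriptor tag and the sample file are constructed assumptions, not the plugin's actual schema.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# hudson.util.Secret serialises encrypted values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: credential-bearing elements have "token" in the tag name.
TOKEN_TAG = re.compile(r"token", re.IGNORECASE)
# Jenkins writes an XML 1.1 declaration, which expat rejects; drop it first.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample config: one plaintext token, one Secret-encrypted token.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<hypothetical.RundeckDescriptor>
  <instance>
    <authToken>CONSTRUCTED-PLAINTEXT-TOKEN</authToken>
  </instance>
  <instance>
    <authToken>{AQAAABAAAAAgQ09OU1RSVUNURUQ=}</authToken>
  </instance>
</hypothetical.RundeckDescriptor>
"""

def find_plaintext_tokens(xml_text):
    """Return element paths of token-like fields stored unencrypted."""
    findings = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        value = (elem.text or "").strip()
        if TOKEN_TAG.search(elem.tag) and value and not ENCRYPTED.match(value):
            findings.append(here)  # report the location, never the value
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(XML_DECL.sub("", xml_text, count=1)), "")
    return findings

def scan_home(jenkins_home):
    """Map each XML file under jenkins_home to its plaintext-token paths."""
    report = {}
    for f in Path(jenkins_home).rglob("*.xml"):
        try:
            hits = find_plaintext_tokens(f.read_text(encoding="utf-8"))
        except (ET.ParseError, UnicodeDecodeError, OSError):
            continue  # unreadable or malformed file: skip it
        if hits:
            report[str(f)] = hits
    return report

if __name__ == "__main__":
    print(scan_home(sys.argv[1]) if len(sys.argv) > 1 else find_plaintext_tokens(SAMPLE))
```
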