refactor: Session & Token

[ralflang]

Migrate to the modern Session & Token PSR-4 APIs

Step 1

• feat: optional per-call secret Token#3 → feat(Token): support per-call secret override in generate/isValid/validateUnique Token#4
• Add methods to TokenServiceFactory which allow to create a Horde\Token\Token from the installation-wide secret or from an explicitly-passed session object. Keep the default behaviour of initializing from the current session's secret (if set). Stay BC. → refactor(Core): migrate Cache/Session/Token to modern HashTable + factory named methods #132 (createFromSecret, createForSession, createFromDeploymentSecret; create(Injector) unchanged for Form V3 BC)

Step 2

• In TokenServiceFactory Upgrade from using the $conf global in the Token factory → refactor(Core): migrate Cache/Session/Token to modern HashTable + factory named methods #132 (now reads via ConfigLoader).
• The legacy create(Injector) path still uses the $session global for Form V3 / whups BC. The new named methods (createForSession, createFromDeploymentSecret, createFromSecret) do not touch any globals.

Step 3

• Add a Session Admin interface for listing/reading/invalidating sessions which are not currently active. → Horde\SessionHandler\SessionAdministrator in refactor(SessionHandler): migrate to modern HashTable and add cross-session admin SessionHandler#8.
• Wire factory for DI if needed. → Resolved in refactor(SessionHandler): SessionAdministrator decorates SessionHandler instead of holding components SessionHandler#9: SessionAdministrator was reshaped as a decorator over SessionHandler, so it is autowired via the existing SessionHandler::class binding. No separate factory or binding needed.
• Progressively migrate from the session global to using the new PSR-4 session services.
• Keep registry creating the session global emitting the old-style PSR-0 session object for BC and gradual migration.

Step 4

Upgrade consumers.

Foundation work landed alongside Steps 1–3

These coordinated changes ship with the same migration:

• refactor(SessionHandler): migrate to modern HashTable and add cross-session admin SessionHandler#8 — ModernHashtableBackend (PSR-4 Horde\HashTable\LockableHashTable consumer) and SessionAdministrator.
• refactor(SessionHandler): SessionAdministrator decorates SessionHandler instead of holding components SessionHandler#9 — SessionAdministrator reshaped as a SessionHandler decorator (single dependency, autowire-ready, all admin pass-throughs proxied).
• refactor(HashTable): mark legacy lib/ classes deprecated, point to PSR-4 equivalents HashTable#5 — legacy Horde_HashTable_* classes deprecated, pointing at PSR-4 Horde\HashTable\Driver\*.
• refactor(Cache): Storage_Hashtable accepts modern Horde\HashTable Cache#4 — Horde_Cache_Storage_Hashtable accepts the modern HashTable interface and delegates to Horde\Cache\HashtableStorage.
• refactor(Imap_Client): deprecate Cache_Backend_Hashtable in favor of Cache_Backend_Cache Imap_Client#46 — legacy Cache_Backend_Hashtable deprecated in favor of Cache_Backend_Cache (which can wrap the modern HashTable transparently via Horde_Cache).
• refactor(base): admin/hashtable.php uses Horde\HashTable\HashTable base#101 — admin/hashtable.php migrated to the PSR-4 Horde\HashTable\HashTable interface.
• refactor(imp): retire 'hashtable' IMAP cache driver, fall through to 'cache' imp#61 — IMP IMAP cache wrapper retires the 'hashtable' driver, falls through to 'cache'.