* fix: renaming a user leaves their API tokens resolving to the old owner * Drive rename token-cache test through the real auth resolver instead of patching a closure
