Potentially remove claim_token (swap for itsdangerous)

[mkst]

https://itsdangerous.palletsprojects.com/en/stable/

basically serialize+sign {slug:"abcde"} and then return that to the client as Scratch.claim_token. We can verify the claim_token has not been modified, rather than needing to store the value in the database.

EDIT

• Part 1 done via Deprecate database claim_token #1856
• Just need to remove the field from the model.