Improve credentials management

[tfardet]

To improve the security of the credentials, I would like to move from the csv in the home folder to a chmod-600 file in the config folder. I would also like to move from "key+secret" to "token only" because :

1. only the token is actually necessary
2. if your token is compromised, you can regenerate one from your key+secret
3. it's only one entry instead of two to deal with
4. it let's us remove some code

@hadrilec would that be OK with you? If so, for the 2nd part, could you add an insee_token secret entry corresponding to the token associated to the current key and secret for the tests?

[hadrilec]

hi thanks, if key and secret are no longer stored locally it means that the token should be manually set again by the user whenever it expires. I dont recall what is the maximum validity period of the token I will check. good to improve the security but I would like to avoid putting more burden on the user.

[tfardet]

maximum validity period is one year, as far as I can tell. There is indeed that drawback for storing only the token, if you think it's too much of an issue, I can live with keeping things only as they would be with #210

[hadrilec]

ok, the whole point of the init_conn function is not to ask the user to deal with the token at all. Credentials are used to prevent someone from overloading insee's API, you have access to public data and not to confidential data so it is not a big deal if it is done in a way which does not match state of the art security standards.

[tfardet]

Alright, let's stick with #210 then, I'll wait for your review on that