bedatadriven / activityinfo-R

ActivityInfo R Language Client
https://www.activityinfo.org/support/docs/R/

API Token should be stored per root URL #101

Closed akbertram closed 3 months ago

akbertram commented 10 months ago

An API token is linked to a specific ActivityInfo server. If you change the server, we should not send the API token saved for the previous server to the new server.

This is first of all inconvenient if you are working with multiple ActivityInfo servers, but also a security risk, because the user's token could be sent to any server operated by a third party.

nickdickinson commented 4 months ago

This should have been addressed now. Still waiting to be able to run tests properly again. There will be a need to add the token again. I've changed the file name to ".activityinfo.server.credentials" so that we don't overwrite old tokens in case users forget to save them elsewhere. Their old token remains in ".activityinfo.credentials" and they can manually recover that. There is no way to automatically migrate as we do not store the root url in the old format. It will be easier to add a note to the release about this.
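The per-server lookup the two comments describe, as an added illustration rather than the activityinfo package's own code: tokens are keyed by a normalized root URL in ".activityinfo.server.credentials", and a request for a server with no stored token fails instead of falling back to another server's token. The file format (one `root_url<TAB>token` line per server), the function names and the sample token are assumptions for this example.

```r
# Added example, not the activityinfo package's code. Assumed file format:
# one line per server, "root_url<TAB>token". Tokens are looked up strictly
# by the server they were saved for, so a token is never sent elsewhere.

credentials_path <- function() {
  file.path(path.expand("~"), ".activityinfo.server.credentials")
}

# Normalize so "https://Host/" and "https://host" resolve to the same entry.
normalize_root_url <- function(url) {
  url <- trimws(url)
  url <- sub("/+$", "", url)  # drop trailing slashes
  tolower(url)                # scheme and host are case-insensitive
}

# Returns a named character vector: names are root URLs, values are tokens.
read_credentials <- function(path = credentials_path()) {
  if (!file.exists(path)) return(character(0))
  lines <- readLines(path, warn = FALSE)
  parts <- strsplit(lines[nzchar(lines)], "\t", fixed = TRUE)
  ok <- vapply(parts, length, integer(1)) == 2  # skip malformed lines
  tokens <- vapply(parts[ok], `[[`, character(1), 2)
  names(tokens) <- vapply(parts[ok], `[[`, character(1), 1)
  tokens
}

save_token <- function(root_url, token, path = credentials_path()) {
  tokens <- read_credentials(path)
  tokens[normalize_root_url(root_url)] <- token   # add or replace this server
  writeLines(paste(names(tokens), tokens, sep = "\t"), path)
  Sys.chmod(path, mode = "0600")                  # owner-only read/write
  invisible(TRUE)
}

# Only the token saved for exactly this server is returned; no fallback.
token_for <- function(root_url, path = credentials_path()) {
  tokens <- read_credentials(path)
  key <- normalize_root_url(root_url)
  if (!key %in% names(tokens)) {
    stop(sprintf("No API token stored for %s; call save_token() first.", root_url))
  }
  unname(tokens[[key]])
}

# Usage with a temporary file and a constructed placeholder token.
tmp <- tempfile()
save_token("https://www.activityinfo.org/", "tok-EXAMPLE-PLACEHOLDER", path = tmp)
token_for("https://www.activityinfo.org", path = tmp)     # the saved token
try(token_for("https://other.example.org", path = tmp))   # error: nothing sent
```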