bcrypt is one-way encryption - can't get the access token back if we hash with this

[jsms90]

Can't use this.

Either

• Go back to putting the unencrypted access token into a cookie :see_no_evil:
• Finish the workshop 1 step earlier - it's a bit too long anyway. Start with this after the introduction to JWTs on Tuesday
• Find another encryption method

[jsms90]

hapi-auth-cookie encrypts the contents of a cookie using iron, so we can use this now that FAC10 have been introduced to strategies & schemes