Document how to list / invalidate SM api tokens generated in the plugin

[ckbedwell]

What would you like to be added:

On the config page of SM we allow users to generate access tokens.

However we don't provide anyway for users to know how many access tokens have been made and how they can revoke them.

Why is this needed: To make it clearer to users how they can manage their access tokens.

Additional context It would be worth investigating if we could list / delete access tokens within the application rather than directing users to the documentation of how to use the api externally.

[mem]

We need to provide:

• a list of existing tokens, along with their creation and last used dates
• a way to invalidate them
• a way to name them (otherwise how are users going to identify them?)
• optionally specify an expiration date