ros-infrastructure / cookbook-ros-buildfarm

Apache License 2.0

Store Jenkins token in a file rather than environment #45

Closed nuclearsandwich closed 3 years ago

nuclearsandwich commented 3 years ago

Reduce the ease with which a Jenkins token may be captured by a malicious Jenkins job. Additional measures should be taken:

  1. Use a Jenkins user which only has the necessary permissions for agent creation and configuration and not full admin access.
  2. Restrict Jenkins agent connections to trusted networks.
  3. Switch to a Jenkins API token rather than password to prevent a captured token from being used to authenticate via the Jenkins web UI.
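The reason a file is preferable to an environment variable is that anything inherited by a job step (the environment, open file descriptors) is visible to that step, whereas a file with mode 0600 owned by a separate user is not. The following is an added example, not code from cookbook-ros-buildfarm or Jenkins: a small Ruby helper that writes a Jenkins API token to a file with a restrictive mode from the moment it is created, and a loader that refuses to use the file if it is group- or world-readable or owned by someone else. The function names `write_jenkins_token` and `load_jenkins_token`, the `InsecureTokenFile` error class and the token value are all assumptions made for the demo.

```ruby
# Added example (not the cookbook's own code): keep a Jenkins API token in a
# file with owner-only permissions instead of in the process environment, and
# refuse to use the file when its permissions would let other local users
# (and therefore jobs running as them) read it.
require "tmpdir"
require "fileutils"

class InsecureTokenFile < StandardError; end

# Write +token+ to +path+, creating the file with mode 0600 so there is no
# window in which it exists with default umask-derived permissions.
def write_jenkins_token(path, token)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600) # enforce even if the file already existed with a looser mode
    f.write(token)
  end
  path
end

# Return the token stored in +path+, stripped of surrounding whitespace.
# Raise InsecureTokenFile if the file is not a regular file, is not owned by
# the current effective user, or has any group/other permission bits set.
def load_jenkins_token(path)
  st = File.stat(path)
  raise InsecureTokenFile, "#{path} is not a regular file" unless st.file?
  unless st.uid == Process.euid
    raise InsecureTokenFile, "#{path} is not owned by uid #{Process.euid}"
  end
  perms = st.mode & 0o777
  if (perms & 0o077) != 0
    raise InsecureTokenFile, format("%s has mode %04o; expected 0600 or stricter", path, perms)
  end
  token = File.read(path).strip
  raise InsecureTokenFile, "#{path} is empty" if token.empty?
  token
end

# Self-contained demonstration: a correctly protected file is accepted, and the
# same file is rejected once its mode is loosened to 0644. Returns
# [token_read_from_protected_file, rejected_after_chmod].
def demo_token_file(token = "constructed-example-token") # constructed value
  dir = Dir.mktmpdir("jenkins-token-demo")
  path = File.join(dir, "jenkins_token")
  write_jenkins_token(path, token)
  accepted = load_jenkins_token(path)
  File.chmod(0o644, path)
  rejected = begin
    load_jenkins_token(path)
    false
  rescue InsecureTokenFile
    true
  end
  [accepted, rejected]
ensure
  FileUtils.rm_rf(dir) if dir
end

if $PROGRAM_NAME == __FILE__
  p demo_token_file # => ["constructed-example-token", true]
end
```

In a Chef recipe the same effect is obtained by declaring the token file with `owner`, `group`, `mode '0600'` and `sensitive true`, and pointing the Jenkins client at that path rather than exporting the token into the agent's environment; the permission check above is what a client should do before trusting the file.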