tursodatabase / turso-cli

Command line interface to Turso.
https://turso.tech
MIT License

Place limits on valid characters for platform API tokens #403

Closed CodingDoug closed 1 year ago

CodingDoug commented 1 year ago

I can create a token with nothing but invisible characters:

$ go run cmd/turso/main.go auth api-tokens create "   "

$ go run cmd/turso/main.go auth api-tokens list
NAME

I now have no easy way of identifying it in the list.

I can also attempt to embed other whitespace characters into the name. Here are two tabs:

$ go run cmd/turso/main.go auth api-tokens create "               "
Error: failed to create token: parse "/v1/auth/api-tokens/\t\t": net/url: invalid control character in URL
exit status 1

It would be reasonable to place the same restrictions on token names as the names of databases.

CodingDoug commented 1 year ago

Another observation: we don't seem to be doing URL string escaping at all, which could be prone to bugs:

$ go run cmd/turso/main.go auth api-tokens create "%2b%2b"

$ go run cmd/turso/main.go auth api-tokens list
NAME
++

Edit: could someone delete this token for me, or tell me how? I can't easily figure out how to do it using the CLI.
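
An added example (not part of the issue thread or of the turso-cli code base) showing the two fixes discussed above: validating the token name before use and escaping it as a path segment. The name rule is an assumption, since the thread does not state the database-name restrictions, and `validateTokenName`, `tokenPath` and `decodedPath` are hypothetical helpers.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Assumed rule set (not taken from the Turso code base): lowercase letters,
// digits and dashes, 1-64 characters, no leading or trailing dash.
var tokenNameRe = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,62}[a-z0-9])?$`)

// validateTokenName rejects whitespace-only, control-character and
// percent-encoded names before any request is built.
func validateTokenName(name string) error {
	if !tokenNameRe.MatchString(name) {
		return fmt.Errorf("invalid token name %q: use lowercase letters, digits and dashes", name)
	}
	return nil
}

// tokenPath escapes the name as a single path segment, so the server decodes
// it back to exactly the bytes the user typed.
func tokenPath(name string) string {
	return "/v1/auth/api-tokens/" + url.PathEscape(name)
}

// decodedPath parses a request path the way net/url does and returns the
// decoded form, i.e. what a server-side router would see.
func decodedPath(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	return u.Path, nil
}

func main() {
	// Constructed inputs mirroring the names tried in the issue.
	for _, name := range []string{"   ", "\t\t", "%2b%2b", "ci-deploy"} {
		raw := "/v1/auth/api-tokens/" + name // unescaped concatenation
		rawSeen, rawErr := decodedPath(raw)
		escSeen, escErr := decodedPath(tokenPath(name))
		fmt.Printf("name=%q valid=%v\n  unescaped -> %q (err=%v)\n  escaped   -> %q (err=%v)\n",
			name, validateTokenName(name) == nil, rawSeen, rawErr, escSeen, escErr)
	}
}
```

With escaping alone, `%2b%2b` survives as a literal name instead of turning into `++`; with validation in front, all three problem names from the issue are rejected before a request is built.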