Run session token renewals in a database transaction
The session token renewal does
1) Read the old token
2) Write a new token
3) Delete the old token
If two processes succeed to read the old token there can be two new tokens because
the queries were not run in a transaction. This is particularly problematic on
clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>