Run session token renewals in a database transaction

Run session token renewals in a database transaction

The session token renewal does
1) Read the old token
2) Write a new token
3) Delete the old token

If two processes succeed to read the old token there can be two new tokens because
the queries were not run in a transaction. This is particularly problematic on
clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>