Replace fmt.Sprintf with hex.EncodeToString (#21960)

`hex.EncodeToString` has better performance than `fmt.Sprintf("%x",
[]byte)`, we should use it as much as possible.

I'm not an extreme fan of performance, so I think there are some
exceptions:

- `fmt.Sprintf("%x", func(...)[N]byte())`
- We can't slice the function return value directly, and it's not worth
adding lines.
    ```diff
    func A()[20]byte { ... }
    - a := fmt.Sprintf("%x", A())
    - a := hex.EncodeToString(A()[:]) // invalid
    + tmp := A()
    + a := hex.EncodeToString(tmp[:])
    ```
- `fmt.Sprintf("%X", []byte)`
- `strings.ToUpper(hex.EncodeToString(bytes))` has even worse
performance.

2 files changed, 4 insertions, 4 deletions

diff --git a/models/migrations/base/hash.go b/models/migrations/base/hash.go
index 164f826b45..00fd1efd4a 100644
--- a/models/migrations/base/hash.go
+++ b/models/migrations/base/hash.go
@@ -5,12 +5,12 @@ package base
 
 import (
 	"crypto/sha256"
-	"fmt"
+	"encoding/hex"
 
 	"golang.org/x/crypto/pbkdf2"
 )
 
 func HashToken(token, salt string) string {
 	tempHash := pbkdf2.Key([]byte(token), []byte(salt), 10000, 50, sha256.New)
-	return fmt.Sprintf("%x", tempHash)
+	return hex.EncodeToString(tempHash)
 }
diff --git a/models/migrations/v1_14/v166.go b/models/migrations/v1_14/v166.go
index 1eb7263347..f797930d6d 100644
--- a/models/migrations/v1_14/v166.go
+++ b/models/migrations/v1_14/v166.go
@@ -5,7 +5,7 @@ package v1_14 //nolint
 
 import (
 	"crypto/sha256"
-	"fmt"
+	"encoding/hex"
 
 	"golang.org/x/crypto/argon2"
 	"golang.org/x/crypto/bcrypt"
@@ -53,7 +53,7 @@ func RecalculateUserEmptyPWD(x *xorm.Engine) (err error) {
 			tempPasswd = pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New)
 		}
 
-		return fmt.Sprintf("%x", tempPasswd)
+		return hex.EncodeToString(tempPasswd)
 	}
 
 	// ValidatePassword checks if given password matches the one belongs to the user.