feat(cli): allow updates to runners' secrets

This commit allows the `forgejo-cli actions register` command to change
an existing runner's secret, as discussed in #4610.

It refactors `RegisterRunner` to extract the code that hashes the token,
moving this code to a method called `UpdateSecret` on `ActionRunner`.
A test for the method has been added.

The `RegisterRunner` function is updated so that:
- it relies on `ActionRunner.UpdateSecret` when creating new runners,
- it checks whether an existing runner's secret still matches the one
  passed on the command line,
- it updates the runner's secret if it wasn't created and it no longer
  matches.

A test has been added for the new behaviour.

models/actions/runner_test.go

@@ -7,12 +7,28 @@ import (
 	"fmt"
 	"testing"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
+// TestUpdateSecret checks that ActionRunner.UpdateSecret() sets the Token,
+// TokenSalt and TokenHash fields based on the specified token.
+func TestUpdateSecret(t *testing.T) {
+	runner := ActionRunner{}
+	token := "0123456789012345678901234567890123456789"
+
+	err := runner.UpdateSecret(token)
+
+	require.NoError(t, err)
+	assert.Equal(t, token, runner.Token)
+	assert.Regexp(t, "^[0-9a-f]{32}$", runner.TokenSalt)
+	assert.Equal(t, runner.TokenHash, auth_model.HashToken(token, runner.TokenSalt))
+}
+
 func TestDeleteRunner(t *testing.T) {
 	const recordID = 12345678
 	assert.NoError(t, unittest.PrepareTestDatabase())