Store hash of session key

Summary:
This prevents security by obscurity.
If I have read-only access to the database then I can pretend to be any logged-in user.

I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log.

Test Plan:
Applied patch.
Verified I'm still logged in.
Logged out.
Logged in.

  $ arc tasks

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6080
This commit is contained in:
Jakub Vrana
2013-05-30 17:30:06 -07:00
parent 4295de508f
commit 32f91557f8
5 changed files with 32 additions and 6 deletions
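To show the property the commit message is after (a read-only copy of the session table is not enough to impersonate a logged-in user), here is a self-contained PHP sketch of a session store that keeps only a keyed digest of the session key. This is an added example, not code from Phabricator or this commit; the class name `SessionStore`, the in-memory `$rows` array standing in for the database table, and the `$hmacKey` secret are all hypothetical, and `random_bytes()` assumes PHP 7 or newer.

```php
<?php
// Added example (not Phabricator's code). SessionStore, $rows and $hmacKey
// are hypothetical stand-ins for the session table and the install secret.
final class SessionStore {
    /** @var string install-wide secret, playing the role of the "salt" the commit mentions */
    private $hmacKey;
    /** @var array<string, array> rows keyed by digest; stands in for the DB table */
    private $rows = array();

    public function __construct($hmacKey) {
        $this->hmacKey = $hmacKey;
    }

    // Digest the random key before it touches storage. A keyed digest means the
    // table plus knowledge of the algorithm still cannot mint a valid cookie.
    public function digest($sessionKey) {
        return hash_hmac('sha256', $sessionKey, $this->hmacKey);
    }

    // Login: generate a random key, store only its digest, hand the plaintext
    // back for the cookie. The plaintext never reaches the database.
    public function establish($userPHID, $type = 'web') {
        $sessionKey = bin2hex(random_bytes(32));
        $this->rows[$this->digest($sessionKey)] = array(
            'userPHID'     => $userPHID,
            'type'         => $type,
            'sessionStart' => time(),
        );
        return $sessionKey;
    }

    // Lookup, mirroring the changed hunk: hash the cookie value, query by digest.
    public function loadUser($sessionKey) {
        $digest = $this->digest($sessionKey);
        return isset($this->rows[$digest]) ? $this->rows[$digest]['userPHID'] : null;
    }

    // Logout: the delete path must digest exactly as establish() did.
    public function destroy($sessionKey) {
        unset($this->rows[$this->digest($sessionKey)]);
    }

    // What an attacker with read-only DB access sees: digests only.
    public function dumpTable() {
        return $this->rows;
    }
}

// Constructed secret and user id for the demonstration.
$store  = new SessionStore('install-secret-from-config');
$cookie = $store->establish('PHID-USER-example');
assert($store->loadUser($cookie) === 'PHID-USER-example');

// Replaying a leaked digest as if it were the cookie fails: the lookup hashes
// it again, so it never matches the stored row.
foreach (array_keys($store->dumpTable()) as $leakedDigest) {
    assert($store->loadUser($leakedDigest) === null);
}

$store->destroy($cookie);
assert($store->loadUser($cookie) === null);
echo "ok\n";
```

Two things the sketch makes visible that a single hunk does not: every path that reads or writes the session column (login, lookup, logout) has to apply the same digest, and any rows written before the change must be digested once in a migration, or existing sessions stop resolving. The test plan's "Verified I'm still logged in" is the check for the second point.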


@@ -52,7 +52,7 @@ abstract class PhabricatorController extends AphrontController {
$user->getTableName(),
'phabricator_session',
'web-',
$phsid);
PhabricatorHash::digest($phsid));
if ($info) {
$user->loadFromArray($info);
}
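Review bot: with the lookup now keyed on `PhabricatorHash::digest($phsid)`, the login path that writes `phabricator_session` rows and the logout path that deletes them must store and match the same digest, and rows written before this change need a one-time migration; otherwise `$info` comes back empty here and every existing session is silently dropped. Those changes live in the other four files this commit touches and are not visible in this hunk, so a short comment next to the `PhabricatorHash::digest($phsid)` call (or a sentence in the commit message) saying that the column now holds digests and pointing at the migration would save the next reader a search. Also worth noting in that comment that the digest is keyed, as the commit message's remark about salt implies, since that is what keeps a read-only dump of the session table from being replayed as a cookie.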