Follow the pattern used in httr2, where OAuth tokens are always encrypted when written to the cache, using a built-in key.

Not doing this right now because it raises the question of what to do with older, unencrypted tokens lying around in the cache. The answer is probably "blow them away", but I'd want to think about that a bit more and figure out how much to tell the user about this.

https://github.com/r-lib/httr2/blob/86127996b98c03f4ada8949969db83bb0c4a7921/R/oauth.R#L105C83-L106