Use Common Annotated Security Key (CASK) "standard" for token generation #1342

@mbarbero

Microsoft recently introduced a standard/specification for keys and tokens, designed to make them easily identifiable by secret scanning tools. Adopting this standard alongside the prefix already added via #1338 would greatly improve early leak detection. It also offers useful features, such as encoding the approximate issuance date, which allows determining a token’s age.

Reference: https://github.com/microsoft/cask (reference implementation in C#, with documentation available in the docs/ folder: https://github.com/microsoft/cask/tree/main/docs). Microsoft may be willing to help by providing a reference implementation of CASK in Java.
