* Fixed password was not hashed on REST API update
* When we updated a user password with a REST API call the password was
stored in clear in plain text in the database.
* Following code review
* Move test on UserTest class
* Call `super().update()` in overriding `update` method
* Return directly the result of `super().update()`
* 12794 change User ref to get_user_model
* 12794 call get_user_model once in tests
* 12794 call get_user_model once in tests
* 12794 use settings.AUTH_USER_MODEL for FK reference
* 11091 add permission to allow user to create api tokens for other users
* 11091 update docs
* 11091 fix for test
* 11091 fix for test
* 11091 test case for invalid token creation
* 11091 add test for permission grant
* Cleanup & fix serializer validation
---------
Co-authored-by: jeremystretch <jstretch@netboxlabs.com>