[~BUGFIX] FLOW3 (Security): Fix separation of tokens in security context
When using parallel authentication providers the separation of the
currently active and inactive tokens has not worked in any case. This
change fixes this and cleans up the context unit tests along the way.
The token class is not used for the separation anymore, the
authentication provider name is now the only thing that matters for