Allow multiple active API oAuth tokens

Currently the API only ever allows one active oAuth token for a given user/client pair. This results in third-party clients like the autodialer and the Beeminder panel effectively logging the user out of their previous session whenever they log in with a new device. It would be great if the API supported multiple simultaneous oAuth sessions so that front-end clients could allow users to remain logged in on multiple devices.