Cut over to generating new HMAC-based XSRF tokens

This is the second step of migrating to our new XSRF token format.  The
first step ([] made validate() start accepting new tokens
(basically, dual-read).  This step cuts over our "writing" to write the
new token format.  The third and final step will drop support for
validating the old token format (back to single-read).  We'll do that
in a subsequent push so that we don't invalidate all the current XSRF
tokens that people might have in their browsers.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149790648

java/google/registry/security/XsrfTokenManager.java

@@ -99,25 +99,6 @@ public final class XsrfTokenManager {
         .asBytes());
   }
 
-  /**
-   * Generates a legacy-style XSRF token for a given scope and user.
-   *
-   * <p>If there is no user (email is an empty string), the entire xsrf check becomes basically a
-   * no-op, but that's ok because any callback that doesn't have a user shouldn't be able to access
-   * any per-user resources anyways.
-   *
-   * <p>The scope is passed to {@link #computeLegacyHash}. Use of a scope in xsrf tokens is
-   * deprecated; instead, use {@link #generateToken}.
-   */
-  // TODO(b/35388772): remove this in favor of generateToken()
-  @Deprecated
-  public String generateLegacyToken(String scope, String email) {
-    checkArgumentNotNull(scope);
-    checkArgumentNotNull(email);
-    long now = clock.nowUtc().getMillis();
-    return Joiner.on(':').join(computeLegacyHash(now, scope, email), now);
-  }
-
   /**
    * Validates an XSRF token against the current logged-in user.
    *
@@ -157,6 +138,7 @@ public final class XsrfTokenManager {
       }
       return true;
     } else {
+      // TODO(b/35388772): remove this fallback once we no longer generate legacy tokens.
       // Fall back to the legacy format, and try the few possible scopes.
       String hash = tokenParts.get(0);
       ImmutableSet.Builder<String> reconstructedTokenCandidates = new ImmutableSet.Builder<>();