CoreUpdater: prevent token creation/disclosure via oneClickResults

[sgiehl]

Summary

This PR refines the CoreUpdater one-click update flow by centralizing update_details_token lifecycle handling in oneClickUpdate()
and keeping oneClickResults() focused on rendering.

What changed

• In plugins/CoreUpdater/Controller.php:
• oneClickUpdate() now rotates update_details_token at update start.
• oneClickResults() now reads existing token state and does not persist token changes.
• oneClickResults() includes updateDetailsToken in runUpdaterUrl only in superuser context.
• Added helper methods for explicit token refresh/read behavior:
• refreshUpdateDetailsToken()
• getUpdateDetailsToken()

Behavior impact

• Token management is now aligned with update initiation.
• Result page rendering remains intact and continues to provide a valid continuation URL when applicable.
• Existing token cleanup behavior after update completion remains unchanged.

Checklist

• [✔] I have understood, reviewed, and tested all AI outputs before use
• [✔] All AI instructions respect security, IP, and privacy rules

Review

• Functional review done
• Potential edge cases thought about (behaviour of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done
• Wording review done
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• New documentation added or existing documentation updated