FIX: Make the `verbose_auth_token_logging` setting off by default (PR #14664)

The generate, rotate and suspicious auth token logs are now always logged regardless of the verbose_auth_token_logging setting because we rely no these to detect suspicious logins.

GitHub