Updated example tokens in swarm docs #6867

Merged: thaJeztah merged 1 commit into master from update-swarm-docs on Apr 2, 2026

Contributor

@vallieres vallieres commented Mar 18, 2026

- What I did
Updated old Swarm keys

- How I did it
Manually

- How to verify it
It's only documentation

- Human readable description for the release notes

Removed tokens that looked too much like real Swarm secrets and triggered security tooling

- A picture of a cute animal (not mandatory but encouraged)

@vallieres vallieres requested review from a team and thaJeztah as code owners March 18, 2026 19:06
@vallieres vallieres requested a review from dvdksn March 18, 2026 19:06
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.

Member

@thaJeztah thaJeztah left a comment

Left a comment; also looks like your commit is missing a DCO sign-off causing the DCO check to fail;


We require all commit messages to have a Signed-off-by line with your name
and e-mail (see "Sign your work"
in the CONTRIBUTING.md in this repository), which looks something like:

Signed-off-by: YourFirstName YourLastName <yourname@example.org>

There is no need to open a new pull request, but to fix this (and make CI pass),
you need to amend the commit(s) in this pull request, and "force push" the amended
commit.

Unfortunately, it's not possible to do so through GitHub's web UI, so this needs
to be done through the git commandline.

You can find some instructions in the output of the DCO check (which can be found
in the "checks" tab on this pull request), as well as in the Moby contributing guide.

Steps to do so "roughly" come down to:

  1. Set your name and e-mail in git's configuration:

    git config --global user.name "YourFirstName YourLastName"
    git config --global user.email "yourname@example.org"

    (Make sure to use your real name (not your GitHub username/handle) and e-mail)

  2. Clone your fork locally

  3. Check out the branch associated with this pull request

  4. Sign-off and amend the existing commit(s)

    git commit --amend --no-edit --signoff

    If your pull request contains multiple commits, either squash the commits (if
    needed) or sign-off each individual commit.

  5. Force push your branch to GitHub (using the --force or --force-with-lease flags) to update the pull request.

Let me know if you need help or more detailed instructions!

```console
$ docker swarm join \
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
--token SWMTKN-1-aaa \
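
Review bot: the replacement placeholder on the `--token SWMTKN-1-aaa \` line no longer shows that a join token has two hyphen-separated components after `SWMTKN-1-`, so a reader cannot tell from the example what a complete token looks like. Consider a placeholder that keeps both segments but is visibly not a secret (repeated or truncated characters). The `SWMTKN-1-` prefix is also still present, so a scanner that matches on the prefix alone would keep flagging this line.
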
Member

We can use this as replacement; that still shows the "expected" format, and that the token has two components separated by a hyphen (49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv, 8vxv8rssmk743ojnwacrr2e7c), but we truncate the last part (...) which ... probably should make it invalid, so not flagged by scanners

--token SWMTKN-1-aabbccdd00112233aabbccdd00112233aabbccdd00112233aa-aabbccdd00112233...\

Contributor

Or alternatively, something like this is pretty common. "Middle-out" truncation 😂

Suggested change
--token SWMTKN-1-aaa \
--token SWMTKN-1-49nj1cm***r2e7c \

Member

Yeah, I wondered if we should keep the "two hyphens after SWMTKN-1-" to make clear; yes, you need the whole token (till the very end!)

Prevent security scanners from detecting them as leaked secrets.

Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Signed-off-by: Alexandre Vallières-Lagacé <alexandre.valliereslagace@docker.com>
Signed-off-by: Alexandre Vallières-Lagacé <alexandre@vallier.es>
Member

@thaJeztah thaJeztah left a comment

LGTM

I squashed the commits; oh @vallieres I noticed you pushed to a branch in this repository; we normally don't allow that, and use pull requests from forks (I guess you have write access through the security team 😅)

@thaJeztah thaJeztah changed the title from "Updated Swarm Docs" to "Updated example tokens in swarm docs" Apr 2, 2026
@thaJeztah
Member

LOL; I doubt this will reduce noise though; looks like CoPilot at least is really eager on flagging "secrets", so also flagging example passwords, and fixtures used in our tests 🫠

I'm surprised the format it's matching for Swarm tokens doesn't follow the format, and only seems to check the prefix? The only thing missing is an EICAR somewhere; guess we can add it to complete our bingo card!

Screenshot 2026-04-02 at 15 38 35
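
The prefix-versus-format point raised in the comment above, as an added example that is not part of the pull request or the project's code: a matcher that only reports a Swarm join token when the whole two-segment shape is present, next to a prefix-only matcher. The segment lengths (50 and 25), the alphabet, and the filler heuristic are assumptions read off the example token quoted in this thread; the sample lines are constructed.

```python
import re
from typing import List, Optional, Tuple

# Assumption: lengths and alphabet come from the example token quoted in the
# thread (two lowercase-alphanumeric segments of 50 and 25 chars), not a spec.
PREFIX_ONLY = re.compile(r"\bSWMTKN-1-\S+")
FULL_SHAPE = re.compile(r"\bSWMTKN-1-([0-9a-z]{50})-([0-9a-z]{25})(?![0-9a-z])")


def looks_like_filler(segment: str) -> bool:
    """Heuristic (assumption): very few distinct characters means a docs placeholder."""
    return len(set(segment)) <= 4


def classify(line: str) -> Optional[str]:
    """Return 'token-shaped', 'placeholder', 'prefix-only', or None."""
    m = FULL_SHAPE.search(line)
    if m:
        if all(looks_like_filler(s) for s in m.groups()):
            return "placeholder"      # full shape, but obviously not random
        return "token-shaped"         # the only verdict worth alerting on
    if PREFIX_ONLY.search(line):
        return "prefix-only"          # what a prefix matcher would also flag
    return None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Classify each line; return (line number, verdict) for lines with the prefix."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]


# Constructed sample: the placeholders proposed in the thread plus two
# synthetic full-length values built from repeated characters.
SAMPLE = [
    "$ docker swarm join \\",
    "--token SWMTKN-1-aaa \\",
    "--token SWMTKN-1-49nj1cm***r2e7c \\",
    "--token SWMTKN-1-aabbccdd00112233aabbccdd00112233aabbccdd00112233aa-aabbccdd00112233...\\",
    "--token SWMTKN-1-" + "0123456789" * 5 + "-" + "abcde" * 5 + " \\",
    "--token SWMTKN-1-" + "a" * 50 + "-" + "b" * 25 + " \\",
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE):
        print(f"line {lineno}: {verdict}")
```

Only the `token-shaped` verdict would be raised as a finding; `prefix-only` and `placeholder` lines are the documentation examples and fixtures a prefix matcher reports as noise.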

@thaJeztah thaJeztah merged commit 7639343 into master Apr 2, 2026
119 of 121 checks passed
@thaJeztah thaJeztah deleted the update-swarm-docs branch April 2, 2026 13:43