Log and store Plaid specific data properly.

[elliotcourant]

Access tokens and Item IDs are the core identifiers that map your users to their financial institutions. Store them securely and associate them with users of your application. Make sure, however, that these identifiers are never exposed client-side. Keep in mind that one user can create multiple Items if they have accounts with multiple financial institutions.

Ensure that the following identifiers are securely logged, as they will be needed when contacting Support about a specific request or callback.

• link_session_id: Included in the onExit, onEvent, and onSuccess callback of a Link integration.
• request_id: Included in all Plaid API responses.
• account_id: Included in all successful Plaid API responses that relate to a specific Item or account.

[elliotcourant]

For MVP access tokens will be stored in one of two places:

• PostgreSQL as plaintext (though this is not what we will be using in production).
• Vault

Right now stuff is just stored in postgresql on the plaid_link table and its stored in plaintext. This is fine for now and might be fine for people who decide to self-host the software (if they have their own Plaid credentials). But for our production environment we need to store this data securely and restrict access to it. Vault will be used in production to handle the access policies to this data, as well as the data's encryption.