Encryption key can only be string

As per https://oauth2.thephpleague.com/installation/, we should take advantage of `\Defuse\Crypto\Key` instance as encryption key, instead of string password only, which uses key stretching to the password to reduce vulnerability to brute force attacks. This should bring performance improvements.