[auth] add salt to session id cipher

right now we just encrypt it, which means the cipher never changes https://github.com/async-la/thin-auth/blob/master/packages/server/src/scope/auth/index.js#L191

Do we need a salt here? security wise I am unsure, but it guarantees equal or better security so I suggest we add it.