We upgraded Rack to 2.0.9 in 12.9 which exposes a hash of the session id
beside the actual value. We can avoid storing the session id Redis by
relying on this instead.

This commit starts using the Rack::Session::SessionId#private_id as the
key for Redis values. We still need to maintain ActiveSession#session_id
to avoid issues when canary on production relies on different versions
of ActiveSession.

Rack::Session::SessionId#private_id is also used for revoking sessions
instead of encrypting the session id.