document how token may be invalidated

[matkoniecz]

In case of leaking token (for example, pushing to public repository script that includes it) it should be reset. Unfortunately, neither docs of this gem nor http://api.beeminder.com/#auth makes clear how it can be done.

It is important to know how it can be done, especially as code in examples advocated putting token directly in a code of a script.