`run-single` leaks token value to other users
Description
In the current setting, run-single can't really be used safely in a multi-user system, since process arguments are visible to all users, so the token value gets leaked to all other active users.
Proposal
I want to add a --token-file flag that can be used alternatively to initialize the Token variable from a file.