Context: #9522 (comment)

We currently store oauth_access_token and oauth_refresh_token as strings in the database.
To encrypt these fields, we need to base64 encode them before writing them so that they are still valid UTF-8 text.

If we migrate these columns to be BYTEA instead, we can remove the overhead (such as it may be) of base64 encoding/decoding and instead just store the encrypted values directly.