are zedtokens opaque identifiers, or is there some way to take a timestamp and reverse-engineer a zedtoken? we're trying to figure out how auditing authzed/spicedb would work, and one of the questions we'd need to ask is "what did user X have access to at time Y"