set salt to non-0 to avoid privacy leaks

[olehmisar]

if there is not additional salt in this data, then google identity might be leaked:

https://developers.google.com/identity/openid-connect/openid-connect#obtainuserinfo
"An identifier for the user, unique among all Google accounts and never reused"

https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
"sub identifier, which is equivalent to the user's Google ID."

In that case, someone who knows "aud" (which is public) and "sub" (which seems to also be public, but more hard to get) can calculate the account_id.

In the code account_id = pedersen([sub, aud, salt]). Salt is currently hardcoded to be 0, so it's basically non existent.

Fix it