feat: Implement oauthenticator.OAuthenticator.refresh_user method

[Wykiki]

This MR aims to implement the refresh_user()'s Authenticator method in OAuthenticator class.

Following #398 comment.

At the time of writing, nothing has been tested, and provider specific code would be needed, as the OAuth2 spec does not force the expires_in field in the access_token response body.

I may not have bandwidth soon to work again on this, feel free to take the lead !

[Wykiki]

May be replaced by Authenticator.auth_refresh_age ?

[Wykiki]

Need specific methods to retrieve refresh-related informations, as other providers may need custom logic.

But what if the required fields are provider via response headers ? May need provider implementation to see if that's relevant.

[Wykiki]

May need to refresh before delta reaches 0, to avoid disruption while working.

[johnpmayer]

need to include 'scope' here too - the same one used on initial login, to ensure you get back an equivalent id_token/access_token

[johnpmayer]

apologies, looks like this is only required on the original authorization code request. the scopes for the token_info and refresh_token requests do not affect the responses

[yuvipanda]

I'll be super excited to try get this to eventually land :)

[Wykiki]

@yuvipanda I don't have bandwidth to work on it anymore, so feel free to take over the code !

[yuvipanda]

@Wykiki I'll poke around and try to find someone!

[yuvipanda]

And thank you for your contribution :)

[epstein6]

Hello! Was any progress made here? This would be useful for my work, and this looks like a fairly complete implementation (thanks!).

[epstein6]

I've been using this with gitlab with a couple of compatibility changes (adding the redirect_url and the client info) and it seems to work. Are there any other particular changes that would need to be done here for this to be merged?