Use Refresh Tokens by default #17

Closed
NickolausDS opened this issue Feb 12, 2019 · 1 comment

Comments

@NickolausDS
Collaborator

Make the call NativeClient.login(refresh_tokens=True) default, instead of the current default refresh_tokens=False.

This is to make scripting more convenient for folks, so tokens won't expire in the default setting. We'll also need to add a warning somewhere that refresh tokens are the default so folks know it's a small sacrifice of security for usability.

@lliming
Contributor

lliming commented Feb 12, 2019

I'm not sure this is a good idea, especially if we want to submit this to PyPI for general use. Do we really want the default (which is what everyone will use in practice) to leave refresh tokens behind wherever anyone plays around with this code? It seems to me we only want refresh tokens to be generated on systems where the user is pretty confident they have privacy. The warning in the README isn't sufficient to guarantee the code is only being used on private systems. IMO, telling developers how to enable refresh tokens is actually a small price to pay for a sane default.

Further, when a refresh token escapes into the wild, (a) there's little or no warning to the user that it happened, and (b) it's nontrivial for the user to figure out how to revoke it. I think the user should have to explicitly think about enabling refresh tokens.
