Ensure refreshed tokens can be accessed across processes #6817

Merged (6 commits) on May 9, 2024


philippjfr
Member

When a user enables token refreshing and horizontally scales the application (either with --num-procs or with a load balancer), it is possible to get into a situation where the initial HTTP request arrives on one server and triggers a token refresh, but the subsequent WS request arrives on a different server, which does not have access to the refreshed token. The problem that will then occur is that it will once again try to make a request to refresh the tokens, but by that point the refresh_token will have expired, since refresh tokens are single-use.

This PR mitigates this issue by including the refreshed token information in the token, such that we can decode it on the server that opens the WS connection.
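
The failure mode and the mitigation described in the pull request above, as an added example that is not Panel's code. `SingleUseIdP`, `Worker`, `SHARED_KEY`, `sign` and `verify` are hypothetical names, and a plain HMAC-signed token stands in for whatever token protection the project actually uses.

```python
import base64, hashlib, hmac, json, secrets

SHARED_KEY = b"constructed-demo-key"  # assumption: all workers share one secret

class SingleUseIdP:
    """Toy identity provider (constructed): a refresh_token works exactly once."""
    def __init__(self):
        self.valid = {"rt-0"}
    def refresh(self, refresh_token):
        if refresh_token not in self.valid:
            raise PermissionError("refresh_token already used")
        self.valid.remove(refresh_token)
        new_rt = "rt-" + secrets.token_hex(4)
        self.valid.add(new_rt)
        return {"access_token": "at-" + secrets.token_hex(4), "refresh_token": new_rt}

def sign(payload):
    # Integrity only: base64 is not encryption, real tokens must also be encrypted.
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return body + "." + hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()

def verify(token):
    body, _, mac = token.rpartition(".")
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

class Worker:
    def __init__(self, idp):
        self.idp, self.cache = idp, {}  # cache is per-process state
    def handle_http(self, user, cookie_rt, embed):
        tokens = self.idp.refresh(cookie_rt)
        self.cache[user] = tokens
        payload = {"user": user, **({"refreshed": tokens} if embed else {})}
        return sign(payload)
    def handle_ws(self, session_token, cookie_rt):
        payload = verify(session_token)
        tokens = self.cache.get(payload["user"]) or payload.get("refreshed")
        if tokens is None:  # nothing known locally: retry with the stale cookie
            tokens = self.idp.refresh(cookie_rt)
        return tokens["access_token"]

def demo(embed):
    """HTTP request lands on worker A, the WS request on worker B."""
    idp = SingleUseIdP()
    a, b = Worker(idp), Worker(idp)
    session_token = a.handle_http("alice", "rt-0", embed)
    return b.handle_ws(session_token, "rt-0")
```

`demo(embed=False)` raises `PermissionError` because worker B replays the consumed refresh token, while `demo(embed=True)` returns the access token that worker A obtained.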


codecov bot commented May 9, 2024

Codecov Report

Attention: Patch coverage is 25.92593% with 40 lines in your changes are missing coverage. Please review.

Project coverage is 40.25%. Comparing base (b3fcdad) to head (86990c9).
Report is 10 commits behind head on main.

❗ Current head 86990c9 differs from pull request most recent head 3c8c518. Consider uploading reports for the commit 3c8c518 to get more accurate results

| Files | Patch % | Lines |
| --- | --- | --- |
| panel/auth.py | 10.00% | 36 Missing ⚠️ |
| panel/io/application.py | 71.42% | 4 Missing ⚠️ |

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #6817       +/-   ##
===========================================
- Coverage   81.54%   40.25%   -41.30%     
===========================================
  Files         314      314               
  Lines       46453    46594      +141     
===========================================
- Hits        37879    18755    -19124     
- Misses       8574    27839    +19265     

| Flag | Coverage Δ |
| --- | --- |
| ui-tests | 40.25% <25.92%> (+2.77%) ⬆️ |
| unitexamples-tests | ? |

Flags with carried forward coverage won't be shown. Click here to find out more.


@philippjfr philippjfr merged commit 465dd52 into main May 9, 2024
10 of 14 checks passed
@philippjfr philippjfr deleted the auth_overrides_cross_process branch May 9, 2024 15:20