Bluesky: store access/refresh tokens instead of creating a new session on every request

[snarfed]

Lol. My user page https://brid.gy/bluesky/did:plc:fdme4gb7mu7zrie7peay7tst currently shows HTTP Error 429: {"error":"RateLimitExceeded","message":"Rate Limit Exceeded"} because we log in (ie call createSession) with username and app password on every request instead of storing the access token and using it in subsequent sessions. Funny.

cc @JoelOtter. Hopefully not too hard to fix. And not that urgent, I think the rate limit is per user, and I expect I hit it because I was running discover on a bunch of my old posts.

[snarfed]

Hmm, I take it back, the rate limit might not be per user, I'm seeing it on other user pages too. Funny.

[JoelOtter]

I just hit it too :/ Storing access tokens is kind of a pain because they're very short lived, do we have a notion of a cache with eviction times rather than putting it in the DB?

[snarfed]

Oh, we'd store and use the refresh token too. I think I see how we'd do this one, I'm happy to take it unless you disagree.

[JoelOtter]

Please do! I'm interested to see what the problem actually ends up being here, I never once hit a rate limit locally and I was hammering it a lot harder than I did the real thing

[snarfed]

For posterity, the rate limit we're hitting is createSession 30/5 min, 300/day: https://atproto.com/blog/rate-limits-pds-v3 . They say it is per handle (ie user) after all.

[snarfed]

Done!