GitLab OAuth tokens expire after 2 hours - implement refresh token support

## Problem

GitLab OAuth access tokens expire after 2 hours by default (some configurations may allow up to 1 day). Currently, nix-auth does not capture or use the `refresh_token` that GitLab returns in the OAuth response, so users need to re-authenticate frequently.

## Current behavior

The `gitLabTokenResponse` struct only captures:
- `access_token`
- `token_type`
- `expires_in`
- `scope`

GitLab actually returns additional fields including `refresh_token` which is ignored.

## Proposed solution

Implement refresh token support:

1. **Capture `refresh_token`** from GitLab's token response
2. **Store refresh tokens** in a metadata file (e.g., `~/.config/nix/nix-auth-metadata.json`) since `access-tokens.conf` only supports simple `host=token` format
3. **Add `nix-auth refresh` command** to manually refresh tokens before they expire
4. **Auto-refresh on `nix-auth status`** when tokens are near expiration (optional)

## References

- [GitLab OAuth 2.0 API docs](https://docs.gitlab.com/api/oauth2/) - "Access tokens expire after two hours. Integrations that use access tokens must generate new ones using the `refresh_token` attribute."
- [GitLab OAuth provider docs](https://docs.gitlab.com/integration/oauth_provider/)

## Related

Reported as follow-up to #7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

GitLab OAuth tokens expire after 2 hours - implement refresh token support #14

Problem

Current behavior

Proposed solution

References

Related

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

GitLab OAuth tokens expire after 2 hours - implement refresh token support #14

Description

Problem

Current behavior

Proposed solution

References

Related

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions