[Bug]: Handle expiring GitHub user OAuth tokens

[barankyle]

GitHub apps can be set so that tokens generated for users expire after 8 hours. When this happens, accessing projects errors with a 401 due to the tokens being invalid. The simple solution, which has been implemented, is to opt-out of token expiration (under "Optional Features" in the GH app), but it would be useful to support refreshing the tokens. This would likely require adding another column to the identity-provider table to store the refresh token, and then handling 401 errors by refreshing the token and retrying.