feat: add refresh callback to update token claims during refresh

[shpaw415]

Summary

Adds an optional refresh() callback to the issuer configuration that allows updating token properties during refresh operations without requiring users to re-authenticate.

This addresses issue anomalyco#275 where dynamic user attributes (permissions, roles, profile data) stored in external sources like Redis or databases could not be updated during token refresh.

Changes

New refresh callback in IssuerInput interface - Optional callback that mirrors the success() callback pattern
Integration with token refresh flow - The refresh callback is invoked during refresh_token grant type operations
Backward compatible - When no refresh callback is provided, the original behavior of using cached properties is maintained
Comprehensive test coverage - Added test to verify refresh callback updates token properties correctly

Usage Example

issuer({
  success: async (ctx, value) => {
    const user = await db.findUser(value.email)
    const permissions = await redis.get(`permissions:${user.id}`)
    return ctx.subject("user", {
      id: user.id,
      email: user.email,
      permissions,
    })
  },

  // NEW: Refresh callback to update dynamic attributes
  refresh: async (ctx, value) => {
    // Re-fetch permissions on every refresh
    const permissions = await redis.get(`permissions:${value.properties.id}`)
    return ctx.subject("user", {
      ...value.properties,
      permissions, // Updated value!
    })
  },
})

What has been done

• issuer props refresh
• New test verifies refresh callback is invoked with correct payload
• New test verifies updated properties appear in refreshed tokens
• Backward compatibility verified - existing behavior unchanged when callback not provided

The Original PR introduced by @swalker326 - anomalyco#319