slavisharper/rpg-books-api

Support authentication token refresh

Closed this issue · 0 comments

  • The auth JWT should be valid for only a few minutes.
  • A refresh token should be issued on each login action.
  • To refresh the JWT, both the authentication token and the refresh token must be provided.
  • Refresh tokens must also be regenerated (rotated) together with the authentication token on every refresh.
  • The session id claim must be preserved when refreshing the JWT.
  • To support multiple concurrent sessions, keep a list of refresh tokens in the database, each tied to a unique session id.
  • Refresh token values should be stored encrypted in the database.
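The flow described by these requirements, as an added example that is not code from the rpg-books-api project: a short-lived HS256 JWT carrying `sub` and `sid` claims, a random refresh token per session, rotation of both tokens on refresh with the `sid` preserved, and one database row per session so several devices can stay logged in independently. The in-memory `sessions` dict stands in for the database table. One substitution: the issue asks for refresh tokens to be stored encrypted; this example stores a keyed hash (HMAC-SHA256) instead, since the server only ever needs to verify a presented token, never recover it. Key material, TTL and all names are constructed for the demo.

```python
"""Short-lived JWT + rotating refresh tokens with per-session records (added example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
import uuid

# Constructed demo keys; a real deployment loads these from configuration or a secret store.
JWT_SIGNING_KEY = b"demo-jwt-signing-key"
REFRESH_HASH_KEY = b"demo-refresh-token-hash-key"
ACCESS_TOKEN_TTL_SECONDS = 5 * 60  # "valid for only a few minutes"

# Stand-in for the database table: (user_id, session_id) -> keyed hash of the CURRENT refresh token.
# Each login creates a new session id, so one user can hold several rows (several devices).
sessions: dict[tuple[str, str], str] = {}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims: dict, now: float) -> str:
    """Minimal HS256 JWT (header.payload.signature) with iat/exp added to the given claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = {**claims, "iat": int(now), "exp": int(now) + ACCESS_TOKEN_TTL_SECONDS}
    payload = _b64url(json.dumps(body, separators=(",", ":")).encode())
    sig = hmac.new(JWT_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_jwt(token: str, now: float, allow_expired: bool = False) -> dict:
    """Verify alg + signature in constant time; enforce exp unless the caller is refreshing."""
    header, payload, signature = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuse alg substitution (e.g. "none")
    expected = hmac.new(JWT_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if not allow_expired and claims["exp"] <= now:
        raise ValueError("expired")
    return claims


def _hash_refresh_token(refresh_token: str) -> str:
    # Keyed hash stored instead of the raw value: a leaked table yields no usable refresh tokens.
    return hmac.new(REFRESH_HASH_KEY, refresh_token.encode(), hashlib.sha256).hexdigest()


def _issue_pair(user_id: str, session_id: str, now: float) -> tuple[str, str]:
    """Mint a new (jwt, refresh_token) for the session, replacing any previous refresh token."""
    refresh_token = secrets.token_urlsafe(32)
    sessions[(user_id, session_id)] = _hash_refresh_token(refresh_token)
    return encode_jwt({"sub": user_id, "sid": session_id}, now), refresh_token


def login(user_id: str, now: float) -> tuple[str, str]:
    """Each login opens a new session (fresh session id) and returns both tokens."""
    return _issue_pair(user_id, str(uuid.uuid4()), now)


def refresh(jwt_token: str, refresh_token: str, now: float) -> tuple[str, str]:
    """Both tokens are required. Rotates both; the session id claim is carried over unchanged."""
    if not refresh_token:
        raise PermissionError("refresh token required")
    claims = decode_jwt(jwt_token, now, allow_expired=True)  # the JWT is usually expired by now
    key = (claims["sub"], claims["sid"])
    stored = sessions.get(key)
    if stored is None or not hmac.compare_digest(stored, _hash_refresh_token(refresh_token)):
        # Unknown session, or a refresh token that was already rotated away (possible replay):
        # revoke the whole session so neither the old nor the current token keeps working.
        sessions.pop(key, None)
        raise PermissionError("refresh rejected")
    return _issue_pair(claims["sub"], claims["sid"], now)


def active_session_ids(user_id: str) -> set[str]:
    return {sid for (uid, sid) in sessions if uid == user_id}


if __name__ == "__main__":
    now = time.time()
    jwt1, rt1 = login("alice", now)
    jwt2, rt2 = refresh(jwt1, rt1, now + ACCESS_TOKEN_TTL_SECONDS + 1)
    print("sid preserved:", decode_jwt(jwt1, now)["sid"] == decode_jwt(jwt2, now + 301)["sid"])
```

The refresh path deliberately accepts an expired JWT (signature still verified) because by the time a client refreshes, the access token has normally lapsed; what authorizes the refresh is the matching, unrotated refresh token for that `sid`. Rejecting a stale refresh token by dropping the session row is a cheap reuse-detection measure: if a token leaks and is replayed after the legitimate client has already rotated, both parties lose the session rather than the attacker keeping it.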