Fix: handle token expiry

[erezrokah]

Fixes #3779 (shows a relevant message as we can't refresh a Bitbucket implicit token: https://developer.atlassian.com/cloud/bitbucket/oauth-2/#refresh-tokens)

Fixes #941

Related netlify/gotrue-js#83

Token expiry can happen in the following cases:

• Web Application Flow - Revoking OAuth app from the relevant GitHub/GitLab/Bitbucket interface. Relevant config is:

backend:
  name: github/gitlab/bitbucket

• GoTrue/Netlify Identity - token expires every hour, but auto refreshed by identity widget/gotrue-js. That can fails when the refresh token is no longer valid. That can happen when a user logs in via a different browser window and then goes back to the original window. See better handle Identity token expiry #941 (comment) and Is this login / refresh token flow correctly implemented? netlify/netlify-identity-widget#142 (comment).
  Relevant config is:

backend:
  name: git-gateway

• Bitbucket implicit grant - invalidates after 1 hour and can't be refreshed.
  Relevant config is:

backend:
  name: bitbucket
  repo: owner/repo
  auth_type: implicit
  app_id: 'Bitbucket OAuth Consumer key'

• Bitbucket Web Application Flow - invalidates after 1 hour and auto refreshed by the CMS.
  Relevant config is:

backend:
  name: bitbucket
  repo: owner/repo

• GitLab implicit grant - not sure, from the example in the docs it seems it expires in 1 hour - did not experience that issue: https://docs.gitlab.com/ee/api/oauth2.html#implicit-grant-flow, and the example in the response seems wrong: http://myapp.com/oauth/redirect#access_token=ABCDExyz123&state=YOUR_UNIQUE_STATE_HASH&token_type=bearer&expires_in=3600
  The response when doing implicit auth doesn't have an expires_in argument.
  Relevant config is:

backend:
  name: gitlab
  repo: owner/repo
  auth_type: implicit
  app_id: 'GitLab Application ID'

Solution

• Periodically check that the user is logged in and show a sticky notification error until the user logs out.

Also relevant to #3334