GoogleCloudPlatform / docker-credential-gcr

A Docker credential helper for GCR users
https://gcr.io
Apache License 2.0
284 stars 91 forks

Automatically initiate browser-based reauth when needed #134

Closed imjasonh closed 11 months ago

imjasonh commented 1 year ago

This change modifies the auth refresh flow to detect the specific error response that indicates a reauth is required ("invalid_rapt"), and initiates a new browser-based auth flow in that case.

This specific error indicates that a human user's auth is used and that the user's GCP organization requires periodic browser-based auth flows, for example to impose 2FA requirements.

I don't anticipate this error response will be seen using service account credentials, or when a human user's credentials are involved without access to a browser. In either case, the "invalid_rapt" response indicates the user must open a browser to proceed, e.g., using gcr-login or gcloud auth login, so this just automates the initiation of that flow.
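The detection and fallback described above, as an added example; it is not the code from this pull request or from docker-credential-gcr. The response field `error_subtype`, the function names `NeedsReauth` and `HandleRefreshFailure`, and the `browserLogin` callback are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// tokenError mirrors the OAuth 2.0 error body (RFC 6749 section 5.2).
// error_subtype is an assumption about where "invalid_rapt" appears.
type tokenError struct {
	Code        string `json:"error"`
	Description string `json:"error_description"`
	Subtype     string `json:"error_subtype"`
}

const reauthMarker = "invalid_rapt" // the marker named in the PR description

// ErrReauthUnavailable: reauth is required but no browser flow can run here.
var ErrReauthUnavailable = errors.New("reauth required: run gcr-login or gcloud auth login")

// NeedsReauth reports whether a failed refresh response body carries the marker.
// Unparseable bodies return false so unrelated failures never open a browser.
func NeedsReauth(body []byte) bool {
	var te tokenError
	if err := json.Unmarshal(body, &te); err != nil {
		return false
	}
	return te.Subtype == reauthMarker || strings.Contains(te.Description, reauthMarker)
}

// HandleRefreshFailure decides what to do after a failed token refresh.
// browserLogin is a hypothetical callback for the interactive flow;
// pass nil for service accounts or hosts without a browser.
func HandleRefreshFailure(body []byte, refreshErr error, browserLogin func() error) error {
	if !NeedsReauth(body) {
		return refreshErr // not a reauth case: surface the original error
	}
	if browserLogin == nil {
		return ErrReauthUnavailable
	}
	return browserLogin()
}

func main() {
	// Constructed sample response body, not captured from a real endpoint.
	body := []byte(`{"error":"invalid_grant","error_description":"reauth related error (invalid_rapt)","error_subtype":"invalid_rapt"}`)
	fmt.Println(NeedsReauth(body), HandleRefreshFailure(body, errors.New("refresh failed"), nil))
}
```

Returning the original error for every non-matching response keeps ordinary refresh failures, such as a revoked token, from opening a browser window.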

rafibarash commented 11 months ago

Hey @imjasonh, thanks for sending this! Do you mind just formatting https://github.com/GoogleCloudPlatform/docker-credential-gcr/pull/134/files? I botched the formatting when merging master into this branch and don't have access to fix it. I'll approve and merge after.

imjasonh commented 11 months ago

Thanks for getting back to me. I gofmt'ed the file. Let me know if there's anything else you'd like me to do.