iam
Add grace period for Refresh Token expiration
The use case for this request is that, when asking for a new Refresh Token with the Reuse refresh token option not checked, if the client does not manage to store the new RT there is no way to obtain a new one anymore. So, a grace period for its expiration would be great.
@giacomini, does 5 minutes look reasonable?
My comment here is that, from a security point of view, I'd prefer to force the user to re-authenticate in that case. I agree with the refresh token rotation strategy described here, where not only is no grace period used, but in case of a duplicate request made with a rotated RT, the whole chain of new RTs released after it is invalidated.
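To make the two positions in this thread concrete, here is an added example (not INDIGO IAM code, and not posted by either participant) of a toy refresh-token store that implements rotation with reuse detection: presenting an already-rotated RT revokes the whole token family, so every RT issued after it in the chain stops working and the user has to log in again. The store also takes an optional `grace_seconds` window, modelling the request in the issue; the assumption made here is that a retry inside the window is treated as idempotent and simply hands back the successor the client failed to store, rather than minting another token. The 5-minute value, the `RefreshTokenStore` class and the `InvalidGrant` exception are all choices for this example and not part of the project.

```python
"""Toy refresh-token store: rotation, reuse detection, optional grace window.
Constructed example; not the project's own implementation."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional


class InvalidGrant(Exception):
    """Stands in for the OAuth 2.0 'invalid_grant' error sent to the client."""


@dataclass
class RefreshToken:
    value: str
    family: str                          # all RTs descended from one login share a family
    rotated_at: Optional[float] = None   # when this RT was exchanged for a successor
    successor: Optional[str] = None      # the RT handed out in that exchange


class RefreshTokenStore:
    def __init__(self, grace_seconds: float = 0.0,
                 now: Callable[[], float] = time.time) -> None:
        self.grace_seconds = grace_seconds   # 0 = strict rotation, no tolerance
        self.now = now                       # injectable clock so tests can move time
        self._tokens: dict[str, RefreshToken] = {}
        self._revoked_families: set[str] = set()

    def issue_initial(self) -> str:
        """Start a new family, e.g. after an interactive login."""
        tok = RefreshToken(value=secrets.token_urlsafe(32), family=secrets.token_hex(8))
        self._tokens[tok.value] = tok
        return tok.value

    def is_valid(self, rt: str) -> bool:
        """True only for an unrotated RT whose family has not been revoked."""
        tok = self._tokens.get(rt)
        return (tok is not None and tok.rotated_at is None
                and tok.family not in self._revoked_families)

    def refresh(self, presented: str) -> str:
        tok = self._tokens.get(presented)
        if tok is None or tok.family in self._revoked_families:
            raise InvalidGrant("unknown or revoked refresh token")
        if tok.rotated_at is None:
            # Normal path: rotate. The presented RT is now spent.
            new = RefreshToken(value=secrets.token_urlsafe(32), family=tok.family)
            self._tokens[new.value] = new
            tok.rotated_at = self.now()
            tok.successor = new.value
            return new.value
        elapsed = self.now() - tok.rotated_at
        if self.grace_seconds > 0 and elapsed <= self.grace_seconds:
            # Grace window (assumed idempotent-retry semantics): return the successor
            # the client failed to persist instead of minting yet another RT.
            return tok.successor
        # Reuse outside the window: a replay by an attacker or a broken client.
        # We cannot tell which, so the whole family is revoked and the user
        # must authenticate again.
        self._revoked_families.add(tok.family)
        raise InvalidGrant("refresh token reuse detected; family revoked")


def strict_reuse_revokes_chain() -> bool:
    """Strict rotation: replaying rt1 kills rt3, the newest RT in the chain."""
    store = RefreshTokenStore(grace_seconds=0)
    rt1 = store.issue_initial()
    rt2 = store.refresh(rt1)
    rt3 = store.refresh(rt2)          # chain: rt1 -> rt2 -> rt3
    try:
        store.refresh(rt1)            # replay of a spent token
    except InvalidGrant:
        pass
    return not store.is_valid(rt3)    # True: rt3 went down with the family


def grace_window_behaviour() -> tuple[bool, bool]:
    """5-minute window: a retry at t+60s gets the same successor; a retry at
    t+660s is treated as reuse and revokes the family."""
    clock = [1000.0]
    store = RefreshTokenStore(grace_seconds=300, now=lambda: clock[0])
    rt1 = store.issue_initial()
    rt2 = store.refresh(rt1)
    clock[0] += 60
    retry = store.refresh(rt1)        # inside the window: idempotent
    clock[0] += 600
    try:
        store.refresh(rt1)            # outside the window: reuse
        revoked = False
    except InvalidGrant:
        revoked = True
    return retry == rt2, revoked and not store.is_valid(rt2)
```

The trade-off the thread is about shows up in `refresh`: with `grace_seconds=0` every second presentation of a rotated RT is treated as reuse and the chain is revoked; with a non-zero window a genuine client retry is tolerated, at the cost that a stolen RT replayed inside that window also obtains the live successor.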