BE: Extend user's session with refresh tokens

[ronaldheft-gov]

The current session timeout is too low. User's should be able to extend their sessions beyond the default time via a JWT refresh token process.

• [ ] Add a refresh token to the token payload
• [ ] Implement a refresh token mutation to receive a new access token / refresh token combination
  • This should validate the user is not disabled before handing out a new refresh token
• [ ] Update the front-end to support the refresh token flow