fix github installation token expiration

[matt-phylum]

This PR fixes some issues with the way GitHub app installation tokens are managed.

• Installation tokens expire after one hour, not after the JWT used to create the token expires.
• Installation tokens were being refreshed only if the JWT needed to be refreshed. If you were sometimes authenticating as the app and sometimes authenticating as the installation, eg if you are authenticating as multiple installations, the JWT would be refreshed and then the installation token would be used without being refreshed.
• If multiple API requests were being made in parallel, several installation tokens could be requested for the same installation at the same time.

[augustuswm]

Thanks for putting all of this together. Changes look good to me. I'll be bundling a few updates for the GitHub client, and work on getting a release put together this week.