Dropbox: Retrieves & uses refresh token to obtain new access token

[DougReeder]

Fixes #1267

It may prove helpful to examine each commit separately.

The first commit adds Mocha tests for every scenario that jaribu tests, but re-arranged more logically. Some tests are pending, and some expectations are commented out (such as returning proper MIME types), because the current Dropbox backend is not compliant.

The second commit adds Content-Length & Last-Modified to Dropbox folder listings, correctly encodes Dropbox-API-Arg header and fixes some other bugs. The Dropbox-API-Arg header must be JSON-encoded, not URL-encoded: https://www.dropbox.com/developers/reference/json-encoding

The third commit refactors the function that calls either fetch or XHR into its own class. Authorize needs to call this as part of OAuth2 PKCE, and it was poor architecture for Dropbox and Google Drive to be using a function in wireclient.

The fourth commit refactors WireClient, GoogleDrive & Dropbox to have a common ancestor & Typescript interface. The common ancestor reduces duplication of code. The interface surfaces the complexity of interaction between the backends and other modules.

The fifth commit avoids the user needing to log in every four hours (what Dropbox calls "offline access" and OAuth2 calls the PKCE flow). OAuth2 PKCE is standardized, so I've placed as much code as possible in authorize.ts for future re-use.

It also sends the scopes required for Scoped apps, which Dropbox requires all new apps to be.

It also handles the 503 and 429 status codes and their Retry-After header that Dropbox sends.

The sixth commit removes the jaribu tests of new functionality that were superseded by better mocha tests.

[DougReeder]

I believe the sharing.write permission isn't needed, just account_info.read files.content.read files.content.write files.metadata.read files.metadata.write