feat: implement refresh_token API

[darknight]

follow up of #912

Changes include:

• use uuid without hyphen as refresh token
• refresh token expires in 7 days by default
• create refresh_tokens table, add r/w operations
• implement refresh_token logic
• update register API, since it's new user, we always generate new refresh token and return it
• update token_auth API, first we check if there exists valid (unexpired) refresh token for current user, if not, generate new one

Pending task:

• implemement revoke_token

  • this can be done by updating expires_in field, invalidate current token.

• To clean up expired refresh tokens, there are two options:

  1. do clean up during login (i.e. token_auth), if no valid refresh token, we generate new one, meanwhile, delete all expired ones.
  2. spawn a background task when server starts, run clean up periodically

@wsxiaoys what's your suggestion?

[wsxiaoys]

spawn a background task when server starts, run clean up periodically

I'll suggest go with this approach, example:
https://github.com/TabbyML/tabby/blob/main/crates/tabby-scheduler/src/lib.rs#L11

The tokio job can be spawned when creating db conn.

[wsxiaoys]

Otherwise LGTM

[wsxiaoys]

Please also:

1. Resolve conflicts.
2. Update schema file (if needed)