Add --force-refresh flag to get-token to refresh ID token #879

Merged
merged 1 commit into from
Feb 17, 2023


linki
Contributor

@linki linki commented Feb 10, 2023

This PR adds a flag to get-token called --force-refresh which always renews the ID token regardless of its expiration time.

When kubelogin finds an existing CachedTokenSet it expects to have both an IDToken and a RefreshToken. It would then check the IDToken's expiration time and might skip a refresh if it's still valid.

By using --force-refresh the check for the IDToken's expiration time will always be skipped. This will trigger kubelogin's normal token renewal procedure, either automatically (if a refresh token is present) or via the browser (if there's no cached token in the first place).

We have a use case where we prematurely want to refresh the ID token before its regular expiration time because we know the newly requested token will have additional properties that we want. Instructing kubelogin get-token to forcefully refresh the token on a case-by-case basis would help us a lot: Previously we would remove the cached token file on the file system completely, but that would also remove the refresh token and requires a dreadful login via the browser (at least it pops up for a moment). By keeping the cached token file (with the refresh token) in place and using --force-refresh instead, the process is seamless for the person using the client.

This PR misses tests but functionality has been tested manually. If the approach taken here seems reasonable to be merged I would also work on appropriate tests.

This should also fix #659 /cc @Xartos
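Added example, not code from this PR or from kubelogin: a Go sketch of the cache decision described in the comment above, showing how a force-refresh flag bypasses the ID token expiry check while still reusing the refresh token. The `decide`, `idTokenExpiry` and `sampleToken` names, the returned action strings, and the fallback to a browser login when no refresh token is cached are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// CachedTokenSet holds the two fields the PR description names (layout assumed).
type CachedTokenSet struct{ IDToken, RefreshToken string }

// idTokenExpiry reads exp from the JWT payload WITHOUT verifying the signature.
// That is acceptable only as a cache-freshness hint, never as a trust decision.
func idTokenExpiry(idToken string) (time.Time, error) {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return time.Time{}, fmt.Errorf("not a compact JWT")
	}
	var claims struct{ Exp int64 `json:"exp"` }
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &claims) != nil || claims.Exp == 0 {
		return time.Time{}, fmt.Errorf("no usable exp claim")
	}
	return time.Unix(claims.Exp, 0), nil
}

// decide picks the next step. With forceRefresh the expiry check is skipped,
// so a still-valid ID token is renewed through the cached refresh token.
func decide(c *CachedTokenSet, forceRefresh bool, now time.Time) string {
	if c != nil && !forceRefresh {
		if exp, err := idTokenExpiry(c.IDToken); err == nil && now.Before(exp) {
			return "use-cached"
		}
	}
	if c != nil && c.RefreshToken != "" {
		return "refresh"
	}
	return "browser-login" // assumption: nothing cached that can be renewed
}

// sampleToken builds a constructed, unsigned token carrying only an exp claim.
func sampleToken(exp time.Time) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(fmt.Sprintf(`{"exp":%d}`, exp.Unix()))) + ".sig"
}

func main() {
	now := time.Now()
	c := &CachedTokenSet{IDToken: sampleToken(now.Add(time.Hour)), RefreshToken: "constructed-refresh-token"}
	fmt.Println(decide(c, false, now), decide(c, true, now))
}
```

Deleting the cache file corresponds to the `nil` case here, which is why it ends in a browser login while the flag does not.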

@int128 int128 self-requested a review February 10, 2023 23:46
Owner

@int128 int128 left a comment

Thank you for your contribution!

@int128 int128 merged commit f03d4fe into int128:master Feb 17, 2023
@linki linki deleted the force-refresh branch February 17, 2023 11:10
@linki
Contributor Author

linki commented Feb 22, 2023

@int128 Thanks for merging this!

Would you mind cutting a new release with it (probably v1.27.0) so that there are pre-built binaries that can be downloaded?

@int128
Owner

int128 commented Mar 1, 2023

I will soon create a new release.

@int128
Owner

int128 commented Mar 1, 2023

@linki
Contributor Author

linki commented Mar 2, 2023

@int128 Thanks a lot!

Development

Successfully merging this pull request may close these issues.

Force refresh token