feat: new OAuth flow for Turborepo CLI with Vercel (#10911)
## Description
When using Turborepo with Vercel, Turborepo first tries to use Vercel's
authentication system from Vercel CLI. Therefore, we need to stay up
with the latest authentication scheme of Vercel. This switches us to the
latest OAuth scheme.
Instead, we can be smarter. When a cache operation encounters a 403:
1. Detect: Operation fails with forbidden error
2. Read: Load auth.json to get both access and refresh tokens
3. Refresh: Call OAuth endpoint with refresh token
4. Update: Write new tokens to auth.json and update in-memory
5. Retry: Repeat the original cache operation with the new token
6. Fallback: If refresh fails, try reading from turborepo/config.json
## Testing
Added some tests, but manual testing is also good. I also manually
tested for backwards compatibility with older `auth.json` formats.
