fix: update remote cache OAuth refresh flow (#10916)
### Description
Implements OAuth token refresh for remote cache operations (reads and
writes) in `HTTPCache`, mirroring the token rotation functionality
introduced in #10911.
Key changes:
- `HTTPCache` now uses `Arc<Mutex<APIAuth>>` for thread-safe token
management.
- Introduced `execute_with_token_refresh` to wrap cache operations,
automatically attempting to refresh the token via
`turborepo_auth::get_token_with_refresh()` upon receiving a 403
Forbidden error.
- `put()`, `fetch()`, and `exists()` methods now leverage this retry
mechanism.
- Added `turborepo-auth` as a dependency.
### Testing Instructions
- All existing tests pass.
- A new integration test, `test_token_refresh_on_403()`, has been added
to verify the token refresh capability.
---
<a
href="https://cursor.com/background-agent?bcId=bc-3847b553-065c-4202-8fed-15a60ce2dbb4"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/open-in-cursor-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/open-in-cursor-light.svg"><img alt="Open in
Cursor"
src="https://cursor.com/open-in-cursor.svg"></picture></a> <a
href="https://cursor.com/agents?id=bc-3847b553-065c-4202-8fed-15a60ce2dbb4"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/open-in-web-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/open-in-web-light.svg"><img alt="Open in Web"
src="https://cursor.com/open-in-web.svg"></picture></a>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
