Refresh token reuse detection

[ThierryBerger]

    -- TODO: We don't want to immediately delete a refresh token, so we can detect refresh token reuse, maybe due to malicious usage.

undefined