@RobbyUitbeijerse commented Oct 14, 2025

Related to: #529

This potentially solves the issue mentioned above. Please note that it's not finished, but I'm happy to push this over the finish line if you're interested in merging it :)

To-do

  • Add jsonwebtoken as a dependency to package.json/yarn.lock (I don't have yarn running so didn't do this yet)
  • Adjust login redirect; it currently assumes the login lives on the /login route and that a next parameter is respected for a login redirect.


vercel bot commented Oct 14, 2025

@RobbyUitbeijerse is attempting to deploy a commit to the medusajs Team on Vercel.

A member of the Team first needs to authorize it.

@willbouch
Contributor

Hey! Just a quick heads up, I will get to this PR eventually :)

@RobbyUitbeijerse
Author

@willbouch in the meanwhile, I have some new learnings :)

In our specific use case, we rely on Supabase for authentication. What we're doing now is attempting to reauthorize the user with Medusa based on our still valid Supabase session as soon as the JWT comes close to expiry, in order to get a new JWT that we can then apply to subsequent requests.

This is a better solution for us as it also works after expiry of the JWT, since the Supabase session will refresh itself based on the refresh token, while Medusa doesn't offer that. This nets us a situation where we can keep users authenticated with Medusa for a long time while still retaining short-lived JWTs on the Medusa side. Let me know if you want me to incorporate something like that here.
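
Added example, not part of the PR or of the comment above: one way to implement the refresh-before-expiry approach that comment describes, in JavaScript for Node. `reauthorize` is a hypothetical callback standing in for the exchange of a still-valid Supabase session for a new Medusa JWT, the other function names are assumptions, and the sample token is constructed.

```javascript
// Added example. reauthorize() is a hypothetical callback that exchanges the
// still-valid Supabase session for a fresh Medusa JWT (an assumption, not a Medusa API).

// Read `exp` (seconds since epoch) from a JWT payload WITHOUT verifying the signature.
// This only schedules the refresh on the client; the server still verifies every token.
function jwtExpiry(token) {
  try {
    const payload = String(token).split(".")[1];
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    return Number.isFinite(claims.exp) ? claims.exp : null;
  } catch {
    return null; // malformed token: treat as unusable
  }
}

// True when the token is missing, malformed, expired, or within skewSec of expiry.
function needsRefresh(token, nowSec, skewSec = 60) {
  const exp = token ? jwtExpiry(token) : null;
  return exp === null || exp - nowSec <= skewSec;
}

// Returns getToken(), which resolves to a JWT that is not about to expire.
function createTokenManager({ reauthorize, skewSec = 60, now }) {
  const clock = now || (() => Math.floor(Date.now() / 1000));
  let token = null;
  let inFlight = null; // shared promise: concurrent requests trigger one re-auth
  return function getToken() {
    if (!needsRefresh(token, clock(), skewSec)) return Promise.resolve(token);
    if (!inFlight) {
      inFlight = new Promise((resolve) => resolve(reauthorize()))
        .then((fresh) => {
          if (needsRefresh(fresh, clock(), 0)) throw new Error("re-auth returned an unusable token");
          token = fresh;
          return fresh;
        })
        .finally(() => { inFlight = null; }); // a failed re-auth can be retried
    }
    return inFlight;
  };
}

// Constructed sample token with a placeholder signature, for demonstration only.
function makeSampleToken(exp) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ sub: "cus_example", exp })}.sig`;
}
```
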
