Silently refresh token in pwa

[moberwasserlechner]

This is the task for implementing the refresh feature for PWA/Web. I sum up the relevant information from @dennisameling below.

Implicit flow (for now, see this article by Auth0 for details as to why it's still not considered safe to store a refresh token from the implicit flow in the browser). See #59

If we were to use the implicit flow for refreshing tokens, it would involve creating an iFrame to refresh the token without user interaction. The angular-oauth2-oidc library also uses iFrames for refreshing tokens, so we could take inspiration from that. See #60