gotrue-csharp
Fix token refresh logic
What kind of change does this PR introduce?
Bug fix
What is the current behavior?
- Token refresh logic rejects refreshes if the access token is expired.
- In many (most?) use cases the token will never refresh.
#108 #112 #106 #109
What is the new behavior?
Tokens refresh correctly.
Additional context
We have been wrongly assuming that Session.ExpiresIn represented the user's Supabase session expiry time, and that we should invalidate the user's session when this time expired.
The Session.ExpiresIn property actually represents the entire lifetime (in seconds) of the access token (if you set a JWT expiry in Supabase of 3600 then ExpiresIn should always be 3600).
We should not be concerned with "ending sessions" in this library. That is handled by Supabase invalidating the refresh tokens. So I have removed all of the Expired() checks.
The SetSession method in Client.cs was also setting an incorrect value for ExpiresIn, using payload.Expiration, which is the timestamp for when the token expires, not the expected expires_in time. So I have calculated that as the payload's (exp - iat).
After these changes the ExpiresAt() and Expired() methods in Session.cs are unused so I have removed them as well as the AnonKeyClientTests.cs SessionCalculatesExpiresAtTimeCorrectly() method.
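
The difference between the `exp` timestamp and the `expires_in` lifetime described above, as an added example that is not code from this PR or from gotrue-csharp. The `TokenLifetime` class and its helper names are hypothetical, the sample token is constructed, and the payload is read without verifying the signature.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class TokenLifetime // hypothetical name, not a gotrue-csharp type
{
    // Decode the payload segment of a compact JWT. The signature is NOT verified here;
    // this only reads claims from a token the auth server just returned.
    static JsonElement DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // expires_in: the token's whole lifetime in seconds, exp - iat.
    public static long ExpiresIn(string jwt)
    {
        var p = DecodePayload(jwt);
        long exp = p.GetProperty("exp").GetInt64();
        long iat = p.GetProperty("iat").GetInt64();
        if (exp <= iat) throw new FormatException("exp must be later than iat");
        return exp - iat;
    }

    // exp is an absolute Unix timestamp; this is the value that must not be stored as a duration.
    public static long Exp(string jwt) => DecodePayload(jwt).GetProperty("exp").GetInt64();

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample token: iat = 1700000000, JWT expiry setting of 3600 seconds.
        string jwt = B64Url("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." +
                     B64Url("{\"sub\":\"user-1\",\"iat\":1700000000,\"exp\":1700003600}") + ".sig";
        long expiresIn = ExpiresIn(jwt);
        long exp = Exp(jwt);
        Console.WriteLine($"expires_in (exp - iat) = {expiresIn} s");
        Console.WriteLine($"expires_at             = {DateTimeOffset.FromUnixTimeSeconds(exp):u}");
        Console.WriteLine($"exp stored as a duration would claim {exp / 86400 / 365} years of validity");
    }
}
```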