ROADtools
Add --origin Argument for Handling Single Page Application Refresh Tokens
This pull request includes updates to roadlib's auth.py and roadrecon's gather.py. The changes add the argument --origin, which appends an Origin header value to refresh token requests; this is required when using Single Page Application (SPA) refresh tokens such as those of the Azure portal or the Office Online Application portal. Users obtain a refresh token from an authenticated browser session, supply the SPA client-id, and pass an '--origin' value such as 'https://portal.azure.com' so they can then obtain an access token. Example syntax when using a refresh token from the Azure portal: roadtx gettokens -c c44b4083-3bb0-49c1-b47d-974e53cbdf3c --origin "https://portal.azure.com" --refresh-token "
These changes have been tested and allow running collections and obtaining tokens in hardened Azure environments where device-code flow, external applications, and Selenium browser implementations are not an option. Obtaining a refresh token from a user's authenticated browser session logged into one of the portals and supplying it to obtain an access token makes for a simple and efficient workflow. The checktoken function of gather.py was modified to handle requesting a new token with the appropriate Origin header value for collections in large tenants.
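The request that the --origin argument changes, as an added stand-alone example (not code from this PR or from roadlib). It builds the refresh_token grant the way an SPA client such as the Azure portal redeems it: no client secret, and an Origin header that Azure AD checks against the app's registered SPA redirect URIs. The v2.0 token endpoint, the scope value and the claim-peeking helper are my assumptions for illustration; roadlib's own endpoint and parameter handling may differ. The client id is the one quoted in the PR description. The sample JWT at the bottom is constructed locally so the file runs offline.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Client id quoted in the PR description (Azure portal first-party app).
AZURE_PORTAL_CLIENT_ID = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c"
# Origin value the PR passes for tokens lifted from an Azure portal session.
AZURE_PORTAL_ORIGIN = "https://portal.azure.com"
# Assumption: v2.0 endpoint; roadlib may use a different endpoint/version.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def valid_origin(origin):
    """An Origin header is scheme + host only: https, no path, no trailing slash."""
    parts = urllib.parse.urlsplit(origin)
    return parts.scheme == "https" and bool(parts.netloc) and parts.path == "" \
        and not parts.query and not parts.fragment


def build_refresh_request(refresh_token, client_id, scope, origin=None, tenant="common"):
    """Return (url, headers, urlencoded body) for a refresh_token grant.

    When origin is given, an Origin header is attached so that Azure AD treats the
    redemption as a cross-origin SPA request; this is what --origin adds. SPA
    registrations are public clients, so no client_secret is ever sent and the
    Origin check is the only thing standing between the token and the caller.
    """
    if origin is not None and not valid_origin(origin):
        raise ValueError("origin must look like https://host, e.g. https://portal.azure.com")
    body = {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
        "scope": scope,  # v2.0 wants a scope, e.g. https://graph.microsoft.com/.default
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if origin is not None:
        headers["Origin"] = origin
    return TOKEN_ENDPOINT.format(tenant=tenant), headers, urllib.parse.urlencode(body)


def redeem(refresh_token, client_id, scope, origin=None, tenant="common"):
    """Send the request; return the decoded JSON body for both success and AADSTS errors.

    In my experience, omitting Origin for an SPA refresh token produces an
    error_description starting with AADSTS9002327, which is the symptom this
    argument exists to fix; the error body is returned so the caller can see it.
    """
    url, headers, body = build_refresh_request(refresh_token, client_id, scope, origin, tenant)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)


def peek_claims(jwt):
    """Decode the payload of a JWT WITHOUT verifying it, to check aud/appid before use."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def make_unsigned_jwt(claims):
    """Constructed test token (alg none, empty signature); never accept one of these."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


# Constructed sample: what a portal-issued Graph access token's claims look like.
SAMPLE_TOKEN = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com",
    "appid": AZURE_PORTAL_CLIENT_ID,
    "upn": "user@example.invalid",
})

if __name__ == "__main__":
    url, headers, body = build_refresh_request(
        "<refresh token from browser session>", AZURE_PORTAL_CLIENT_ID,
        "https://graph.microsoft.com/.default", origin=AZURE_PORTAL_ORIGIN)
    print("POST", url)
    print(headers)
    print(body)
    print(peek_claims(SAMPLE_TOKEN))
```

After a successful redemption, run peek_claims on the returned access_token and confirm appid matches the client id you passed and aud is the resource you asked for; a mismatch usually means the wrong client id or scope was supplied, not a bad refresh token.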