Secure access & refresh tokens in VS Code extension

[calum-bird]

Cool to see you open-source this. Might want to be a bit careful with those tokens though!

The VSCode API includes a SecretStorage object which will use a library specific to each OS - Credential Vault on Windows, KeyChain on MacOS, and libsecret on Linux - to securely store these values at rest. Typically, this would not be a huge issue, although depending on Auth0 settings with respect to token lifetime, this could be problematic.

Local test passes with this change when using the prod Figstack server.