Fix OIDC token refresh to handle missing refresh_token in response

[DarshanCode2005]

Closes: #296

Problem

The _refresh_oidc method in kube_config.py assumes that a refresh_token will always be returned in OAuth2 token refresh responses. However, different token management strategies may not return a refresh token in every refresh response:

• Sliding: Refresh token may not be returned if unchanged
• Rolling: New refresh token is always returned (existing behavior works)
• Rotation: Refresh token may or may not be returned

This causes a KeyError: 'refresh_token' at line 335 when the refresh response doesn't include a new refresh token.

Solution

Modified _refresh_oidc to conditionally update the refresh token only if it's present in the response:

if "refresh_token" in resp:
provider["config"].value["refresh-token"] = resp["refresh_token"]. This preserves the existing refresh token when a new one isn't provided, which is the correct behavior for sliding token strategies.

Changes

• Updated _refresh_oidc method to check for refresh_token before updating
• Added test case test_oidc_with_refresh_no_new_refresh_token to verify behavior when refresh_token is not returned

Testing

• Added test coverage for the case where refresh_token is not returned
• Existing tests continue to pass (backward compatible)
• Syntax validation passes