Refresh customer token

Refreshes a customer's OAuth token for a registered device, generating a new token without requiring full re-authentication if the current token is still valid.

Expired tokens require authentication, and previously active tokens across all devices are immediately invalidated to ensure only one active session per refresh token.