refresh token rotation

RU: ротация refresh-токенов

Refresh token rotation: a security policy where each use of a refresh token immediately invalidates it and issues a replacement. If the server detects a previously-used token being presented again — a sign the original was stolen — it can revoke the entire token family and force re-authentication.