feat: implement per-account token refresh synchronization

Introduces a more granular, per-account locking mechanism for refreshing OAuth tokens in `OidcTokenRefresher`. This change replaces the global `synchronized` block with account-specific locks, allowing different accounts to refresh their tokens in parallel.

This mitigates race conditions for a single account while improving performance by not blocking token refreshes for unrelated accounts.

Key changes:
- Use `ConcurrentHashMap` to manage locks and track ongoing refresh operations for each account.
- If a token refresh is already in progress for an account, subsequent requests for the same account will wait for the ongoing operation to complete.
- In `AccountRemovedReceiver`, a cleanup routine is added to remove the corresponding lock and any tracked operations when an account is deleted, preventing memory leaks.