fix: refresh expired OAuth tokens for older chat sessions

[ShivamRIG]

Fixes #5556

Problem:
Old chat sessions retained expired access tokens in session.state.
Tokens were never refreshed, causing tools to fail in older chats.
Reloading the page did not help as the session is server-side.

Fix:
Added _refresh_token_if_expired() method to A2aAgentExecutor.
Called after _prepare_session() in _handle_request(), before
the runner executes. Checks expiry, refreshes using refresh_token,
and updates session state with new access_token and expires_at.

Tests:
Added 3 unit tests covering:

• Valid token → no refresh triggered
• Expired token → refreshed correctly
• Missing refresh_token → skips silently

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[ShivamRIG]

Testing Plan

Added 3 unit tests in tests/unittests/a2a/executor/test_refresh_token.py:

• test_token_not_expired_skips_refresh — valid token, no refresh triggered
• test_expired_token_triggers_refresh — expired token refreshed correctly
• test_no_refresh_token_skips_refresh — missing refresh_token skips silently

All 3 tests pass:
pytest tests/unittests/a2a/executor/test_refresh_token.py -v
3 passed in 0.XXs