auth login does not use refresh token to renew access token

[CodeIsCheapShowMeThePrompt]

Describe the bug

After the access token expires (~2 hours), lark-cli requires re-authorization via device code flow, even though the refresh token is still valid (~7 days). The CLI appears to store the refresh token (as evidenced by auth status returning refreshExpiresAt) but never uses it to silently renew the access token.

To Reproduce

1. lark-cli auth login --recommend
2. Complete device code authorization in browser
3. Wait ~2 hours for access token to expire
4. Run any command (e.g. lark-cli auth status)
5. Observe tokenStatus: needs_refresh and auth login demanding a new device code

Expected behavior

When the access token expires but the refresh token is still valid, lark-cli should:

• Automatically exchange the refresh token for a new access token, OR
• Provide an auth refresh subcommand to do so manually

Without this, users must re-authorize every 2 hours, which defeats the purpose of having a refresh token.

Environment

• OS: macOS Sequoia (arm64)
• lark-cli version: 1.0.23
• Brand: feishu
• Scope includes: offline_access

Additional context

The offline_access scope is already requested during login, so the refresh token should be available. The auth subcommands currently are: login, logout, status, check, scopes, list — there is no refresh command.