Update Refresh Token on proposal API Logic to Expire Only Upon Use

[bosko-m]

Description

Modify the refresh token on proposal API behavior so that it only expires once it has been used or lifespan of token is exceeded.
This ensures better session continuity and avoids premature expiration due to inactivity or background operations.

Acceptance Criteria

• Refresh token is marked as expired only after it is successfully used to obtain a new access token.
• Unused refresh tokens remain valid until explicitly used or revoked.
• Behavior is consistent across login, token refresh, and logout flows.