Add special handling for when a Hex OAuth session has been revoked by Hex

If a session is revoked from Hex the refresh token we store will no longer be usable, resulting in an error.

Improve the UX to explain the situation, and to restart the OAuth flow to get a new token.