[auth] ImpersonatedClient lacks request de-duplication for concurrent token requests

[vverman]

The Impersonated client does not currently de-duplicate or cache in-flight promises for access tokens. When background tasks—such as the recently implemented Regional Access Boundary (RAB) refresh—are triggered during getRequestHeaders(), they perform internal requests that recursively call getRequestHeaders().

Since the Impersonated client doesn't de-duplicate these concurrent calls, it results in multiple redundant POST requests to the IAM generateAccessToken endpoint. This is evidenced by the fact that tests in test.impersonated.ts require two IAM nock mocks to pass when RAB is enabled, while only needing one OAuth2 token mock (which is correctly de-duplicated by the source client).

Expected Behavior:
Impersonated client should cache the in-flight token request promise to ensure only one call is made to IAM for concurrent requests.

[sofisl]

Hi @vverman! Is this something you'll be working on in the repo? Otherwise, please provide an in-depth reproduction, with expected behavior (like this template). Otherwise if it's something you're planning on working on yourself, feel free to assign it to yourself and add a size label (s, m, l) and a type (bug, feature request, docs, or process). Thanks!