feat: make JWT refreshTokens more secure

Don't store the token itself in the database, store a UUID, and when refreshing the accessToken, verify the token and verify that in the payload there is a corresponding UUID stored in the database

src/models/User.ts

@@ -10,6 +10,10 @@ export interface UserJWT {
   currentStrategy: AuthenticationStrategy
 }
 
+export interface UserRefreshJWT extends UserJWT {
+  tokenUUID: string
+}
+
 export interface UserRequest {
   current: User
   currentStrategy: AuthenticationStrategy