Support refresh tokens (#2126)

[beckjake]

resolves #2126

Description

Support refresh tokens by requesting client_id, client_secret, and a refresh token
Add a little webserver that spits out a refresh token given a client ID + client secret
Add tests
You can opt-out of running the new tests by exporting DBT_INTEGRATION_TEST_SNOWFLAKE_OAUTH_DISABLED=1 into your test environment.

Checklist

• I have signed the CLA
• I have run this code in development and it appears to resolve the stated issue
• This PR includes tests, or tests are not required/relevant for this PR
• I have updated the CHANGELOG.md and added information about my change to the "dbt next" section.

[beckjake]

Rebasing this against 0.15.3 made appveyor think it was relevant

[drewbanin]

This looks excellent! Two minor comments here - happy to discuss both of them further!

[drewbanin]

do you know what kind of contents would be returned in result_json here? I'm just worried that this could print sensitive-ish info out to the console, like a client id or client secret. If there's a chance that could happen, we should probably stringify the json and mask out creds if we can!

[beckjake]

I usually got error messages about invalid client IDs. I don't think it returns sensitive information, it was actually very annoying to debug because of that (which is good/normal security practice for an endpoint like this):

Encountered an error:
Database Error
  Did not get a token: {'data': None, 'message': 'This is an invalid client.', 'code': None, 'success': False, 'error': 'invalid_client'}

[drewbanin]

can we make this test optional? It should definitely run in our test env, but I think some folks might think twice about creating security integrations in their own snowflake accounts to run these tests :)

[beckjake]

How optional? Opt-in, or opt-out?