Add eager token refresh to token service

While monitoring the Profile-API, multiple unauthenticated requests were made to accounts at the same time using an expired token. This caused the required mail field to be missing, and caused the requests to fail.

We should make the token refresh happen shortly before the token is set to expire to avoid this ever happening.