Add optional CooperativelyManagedOAuth2 functionality to always check for new tokens

[jmoldow]

CooperativelyManagedOAuth2Mixin overrides _get_tokens(). When refresh() or revoke() are called, this protected method is called to get the latest tokens. However, the access_token property (used by BoxSession for all API requests) still uses the cached _access_token attribute.

During normal usage, this means that, after another instance has done a refresh, the BoxSession will usually make one API call with expired tokens before grabbing the updated tokens.

This makes sense as a default behavior. If the cooperative auth is happening over a network, then the cost of one extra API call per hour is much less than checking for new tokens for every single API call.

But if the cooperation is happening within a process and the mechanism is low-cost, it may be more economical to override the access_token property to always call _get_and_update_current_tokens() before returning the _access_token attribute.

This can be done with a CooperativelyManagedOAuth2Mixin subclass, or an __init__ parameter to toggle the behavior.

There's also the question of whether this is useful functionality to add to the SDK.