SSO: Link tokens rather than copying them

[nwmac]

Currently, in order to auto-connect a Cloud Foundry when using SSO, we copy the token from the UAA to the Endpoint.

This means they have the same refresh token - so when the access token expires, we will go fetch a new one and also get a new refresh token - we only update one token, so the other is left with a refresh token that is invalid and whichever it is (UAA/CF) will not be able to get a new access token.

This PR changes this and instead of copying, we link the tokens, and ensure we use the refresh/access token from the linked token and refresh that when needed

NOTE: This PR includes the changes in - #2522 which should be merged first.

[cfdreddbot]

Hey nwmac!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

[codecov]

Codecov Report

Merging #2916 into v2-master will decrease coverage by 0.02%.
The diff coverage is n/a.

@@              Coverage Diff              @@
##           v2-master    #2916      +/-   ##
=============================================
- Coverage      71.36%   71.33%   -0.03%     
=============================================
  Files            605      605              
  Lines          25920    25920              
  Branches        5876     5876              
=============================================
- Hits           18497    18491       -6     
- Misses          7423     7429       +6