Fix token refresh race condition causing login loop

- Wait for ongoing refresh before sending new requests
- Add proactive refresh when token is about to expire
- Prevents multiple requests from hitting server with stale tokens

Author: nickprotop

cloud/src/LrmCloud.Web/Services/AuthenticatedHttpHandler.cs

@@ -32,6 +32,20 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
         if (!isAuthEndpoint)
         {
+            // Wait if a refresh is in progress before adding auth header
+            // This prevents sending requests with stale tokens during refresh
+            var coordinator = _serviceProvider.GetService<TokenRefreshCoordinator>();
+            if (coordinator?.IsRefreshInProgress == true)
+            {
+                await coordinator.WaitForRefreshAsync(TimeSpan.FromSeconds(10), cancellationToken);
+            }
+
+            // Proactive refresh: if token is expired or about to expire, refresh before sending
+            if (await _tokenStorage.IsTokenExpiredAsync() && await _tokenStorage.CanRefreshAsync())
+            {
+                await TryRefreshTokenAsync();
+            }
+
             await AddAuthHeaderAsync(request);
         }