Add tools to manage caching discovery results #73

Open
bmillwood wants to merge 2 commits into krdlab:master from bmillwood:cached-discover

@bmillwood bmillwood commented Dec 22, 2024

I was running into a problem that turned out to ultimately be caused by holding onto the results of discover for too long. It turns out that at least in Google's case, the Expires and cache-control headers do tell you how long you can hold on to the results for (actually, they tell you an hour, whereas IME they work for a week, but eh, close enough). This code adds minimal support for reading the Expires header, so that I can know when I need to call discover again, and also adds a new function cachedDiscover, which makes it easy to refetch the cache when necessary. (I've implemented it in a way that refetches the cache only when it's asked for, but you could also imagine implementing it such that it proactively refetches whenever the cache expires, even if we haven't asked for it yet.)

I added a test that we do successfully get a validUntil from Google, and I'm using cachedDiscover in my own hobbyist project, so I know it at least somewhat works :) (my hobbyist project uses a slightly revised version that debug-prints whenever it refreshes the cache, so I know the cache expiry times are coming back correctly, and the cache isn't being refreshed unnecessarily... I haven't tested OIDC providers other than Google, or timezones other than UTC, though I suspect some of these things might just always be UTC)

Since the Provider type exposes its fields, and this PR adds a new one, it would necessitate a major version bump. But I think you're already locked into such a thing by 1f50c3f

This allows long-running services to know how often they may need to
rerun discovery.
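
The on-demand refresh described in the pull request description, as an added example that is not code from this pull request or from the library. `parseExpires`, `Cached` and `cachedFetch` are hypothetical names, the fetch action stands in for the discovery request, and the clock and header values are constructed; only `base` and `time` are assumed.

```haskell
import Data.IORef (IORef, modifyIORef', newIORef, readIORef, writeIORef)
import Data.Time (UTCTime, addUTCTime, defaultTimeLocale, parseTimeM)

-- Parse the HTTP-date (IMF-fixdate, always GMT) carried by an Expires header.
parseExpires :: String -> Maybe UTCTime
parseExpires = parseTimeM True defaultTimeLocale "%a, %d %b %Y %H:%M:%S GMT"

-- A fetched value and the instant after which it must be fetched again.
-- Nothing means the response gave no usable expiry, so it is never reused.
data Cached a = Cached a (Maybe UTCTime)

-- Serve from the cache while it is fresh; otherwise fetch once and store.
-- The fetch action returns the value and the raw Expires header, if any.
cachedFetch :: IORef (Maybe (Cached a)) -> IO UTCTime -> IO (a, Maybe String) -> IO a
cachedFetch ref now fetch = do
  t <- now
  cur <- readIORef ref
  case cur of
    Just (Cached v (Just deadline)) | t < deadline -> pure v
    _ -> do
      (v, hdr) <- fetch
      writeIORef ref (Just (Cached v (hdr >>= parseExpires)))
      pure v

main :: IO ()
main = do
  -- Constructed clock and header values, so the demo runs offline.
  start <- maybe (fail "bad date") pure (parseExpires "Sun, 22 Dec 2024 12:00:00 GMT")
  clock <- newIORef start
  calls <- newIORef (0 :: Int)
  cache <- newIORef Nothing
  let fetch = do  -- stands in for the real discovery request
        modifyIORef' calls (+ 1)
        n <- readIORef calls
        pure ("discovery result #" ++ show n, Just "Sun, 22 Dec 2024 13:00:00 GMT")
      get = cachedFetch cache (readIORef clock) fetch
  a <- get                               -- first call fetches
  b <- get                               -- still 12:00: served from cache
  modifyIORef' clock (addUTCTime 3601)   -- move the clock past the expiry
  c <- get                               -- stale: fetched again
  print (a, b, c)
  readIORef calls >>= print
```

A response with a missing or unparsable Expires header is stored with no deadline, so the next call fetches again instead of reusing it indefinitely.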

Development

Successfully merging this pull request may close these issues.

getValidTokens starts failing after ~a week