Immutable CodexAuth (#8857)

Historically we started with a CodexAuth that knew how to refresh it's
own tokens and then added AuthManager that did a different kind of
refresh (re-reading from disk).

I don't think it makes sense for both `CodexAuth` and `AuthManager` to
be mutable and contain behaviors.

Move all refresh logic into `AuthManager` and keep `CodexAuth` as a data
object.

codex-rs/tui/src/status/helpers.rs

@@ -88,7 +88,7 @@ pub(crate) fn compose_account_display(
     auth_manager: &AuthManager,
     plan: Option<PlanType>,
 ) -> Option<StatusAccountDisplay> {
-    let auth = auth_manager.auth()?;
+    let auth = auth_manager.auth_cached()?;
 
     match auth.mode {
         AuthMode::ChatGPT => {