Fail without refreshing when OAuthCredentials.refresh_token is None

Closes #1369 (closed), #1346 (closed)

I looked at all the ways in which an OAuth refresh could be invoked using a whole lotta git grep:

graph LR
  _get_gitlab_client --> refresh_token
  ListExternalRepositories --> list_repos
  CreateExternalRepository --> create_repo
  CreateExternalRepository --> get_latest_commit_sha
  CreateExternalRepository --> get_or_create_revision
  manage_repo_ref[manage.py update_repository_refs] --> update_repository_references
  GitRepositoryImportHook --> handle_webhook
  subgraph GitLabProvider
    _get_project_from_repo --> _get_gitlab_client
    list_repos --> _get_gitlab_client
    create_repo --> _get_gitlab_client
    create_revision --> _get_project_from_repo
    update_revision_references --> _get_project_from_repo
    update_repository_references --> _get_project_from_repo
    get_latest_commit_sha --> _get_project_from_repo
    get_or_create_revision --> create_revision
    handle_webhook --> update_revision_references
    handle_webhook --> create_revision
  end
  subgraph GitLabOAuthProvider
    refresh_token
  end

• The Git import hook sends an email to the OAuthCredentials' owner for any exception; I added a unit test that checks for the specific refresh error exception.
• manage.py update_repository_refs prints exception messages, so the explicit message in this MR will be displayed. Running this command also requires to be in a shell, and usually means you are already doing troubleshooting on the repos anyway.
• ListExternalRepositories and CreateExternalRepostory are called by the frontend, and the AuthenticationFailed error that this now throws has the message be explicitly shown in an error notification.