Make sure client credentials token gets refreshed
- Use spring security facilities to handle authorize requests
which at a same time handled re-authorization. As client credentials
flow don't have refresh tokens, spring security will simply check
token expire time with clock skew when to authorize.
- Clockskew on default is 60 seconds so you really need to test it with
i.e. 2min expire time.
- Fixes #3894