fix(clerk-js): Fix token cache refresh timer leak

[jacekradko]

Summary

• Fix orphaned refresh timer accumulation in SessionTokenCache that caused token refresh requests to fire much earlier than expected
• When set() is called multiple times for the same cache key (from _updateClient hydration AND #refreshTokenInBackground), old timers were never cleared — each leaked timer independently fired onRefresh, accelerating the effective polling rate
• The fix clears existing timers at the start of setInternal before creating the new cache entry
• Particularly visible after session.touch() or any API response that triggers _updateClient

Test plan

• 8 new unit tests covering timer cleanup on overwrite scenarios
• All 45 unit tests pass
• Integration test verifying stable refresh rate after session.touch()
• Manual verification: sign in, trigger touch, observe network tab for ~2 minutes — token requests should maintain ~43s intervals (not accelerating)

Summary by CodeRabbit

• Bug Fixes

  • Fixed a proactive token refresh timer leak that could cause growing token refresh requests after session activity or switching, preventing orphaned/stale timers and reducing redundant network calls.

• Tests

  • Added unit and integration tests validating timers are cleaned up across repeated session updates so token refreshes remain stable and non-duplicative.