Table To Record Refresh Attempts

It would be ideal to create a worker that tracks the success or failure of refresh tokens.  On malicious refresh attempts, we should also find the `Session` from the supplied RUID and mark it as invalidated.