[SDK-1790] use refresh_tokens with multiple audiences #521

Merged
merged 3 commits into from
Jul 14, 2020

Conversation

adamjmcgrath
Contributor

@adamjmcgrath adamjmcgrath commented Jul 10, 2020

Description

useRefreshTokens: true should be able to handle multiple audiences, with the caveat that the first time you get an RT for a new audience you will have to rely on the iframe fallback, or if you can't because of ITP, do it interactively via popup.

Updated the playground for easier testing


References

See: #512

Testing

An example of using RT with multiple audiences in an ITP enabled browser:

const client = new Auth0Client({
  // ...
  audience: 'http://api1/users',
  scope: 'read:users',
});

// get access token for existing audience using RT grant
const accessToken1 = await client.getTokenSilently({
  audience: 'http://api1/users',
  scope: 'read:users',
  ignoreCache: true,
});

// get access token for a new audience which falls back to iframe, because no RT
try {
  // fails because of ITP
  const accessToken2 = await client.getTokenSilently({
    audience: 'http://api2/books',
    scope: 'read:books'
  });
} catch (e) {
  // gets access token and an RT interactively
  const accessToken2 = await client.getTokenWithPopup({
    audience: 'http://api2/books',
    scope: 'read:books'
  });
}

// Can now get access token with RT grant for the second audience silently
const accessToken3 = await client.getTokenSilently({
  ignoreCache: true,
  audience: 'http://api2/books',
  scope: 'read:books'
});
  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

@adamjmcgrath adamjmcgrath added CH: Added PR is adding feature or functionality medium labels Jul 10, 2020
@adamjmcgrath adamjmcgrath added this to the vNext milestone Jul 10, 2020
@adamjmcgrath adamjmcgrath requested a review from a team July 10, 2020 17:51
@adamjmcgrath adamjmcgrath reopened this Jul 13, 2020
@adamjmcgrath adamjmcgrath changed the title use refresh_tokens with multiple audiences [SDK-1790] use refresh_tokens with multiple audiences Jul 13, 2020
@adamjmcgrath adamjmcgrath merged commit 82807e3 into master Jul 14, 2020
@adamjmcgrath adamjmcgrath deleted the rt-multiple-audience branch July 14, 2020 09:47
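
The per-audience fallback described in the PR, wrapped so that only "interaction needed" failures open a popup. This is an added example, not code from the PR or from auth0-spa-js. `getTokenForAudience`, `FakeClient` and the `network_error` code are hypothetical, and it assumes SDK errors expose the OAuth/OIDC error code as an `error` property.

```javascript
// Added example: not auth0-spa-js code. FakeClient is a constructed stand-in.
// Assumption: thrown errors carry the OAuth/OIDC error code in `e.error`.
const INTERACTION_ERRORS = new Set([
  'login_required', 'consent_required', 'interaction_required'
]);

// Try the silent path first; open a popup only when the failure means
// "user interaction needed", so unrelated errors never trigger a popup.
async function getTokenForAudience(client, { audience, scope }) {
  try {
    const token = await client.getTokenSilently({ audience, scope });
    return { token, via: 'silent' };
  } catch (e) {
    if (!e || !INTERACTION_ERRORS.has(e.error)) throw e;
    const token = await client.getTokenWithPopup({ audience, scope });
    return { token, via: 'popup' };
  }
}

// Constructed model of the behaviour in the description: a refresh token is
// held per audience; without one, the iframe fallback fails (ITP blocks it).
class FakeClient {
  constructor(initialAudience) {
    this.refreshTokens = new Set([initialAudience]);
    this.networkDown = false;
  }
  async getTokenSilently({ audience }) {
    if (this.networkDown) throw Object.assign(new Error('fetch failed'), { error: 'network_error' });
    if (this.refreshTokens.has(audience)) return `at:${audience}:rt-grant`;
    throw Object.assign(new Error('Login required'), { error: 'login_required' });
  }
  async getTokenWithPopup({ audience }) {
    this.refreshTokens.add(audience); // interactive login also yields an RT
    return `at:${audience}:popup`;
  }
}

async function runDemo() {
  const client = new FakeClient('http://api1/users');
  const books = { audience: 'http://api2/books', scope: 'read:books' };
  const steps = [
    await getTokenForAudience(client, { audience: 'http://api1/users', scope: 'read:users' }),
    await getTokenForAudience(client, books), // first request for a new audience
    await getTokenForAudience(client, books)  // RT now held for this audience
  ];
  client.networkDown = true; // constructed non-interaction failure
  const failure = await getTokenForAudience(client, books).catch(e => e.error);
  return { via: steps.map(s => s.via), failure };
}
```

Browsers generally allow popups only from a user gesture, so in a real page the popup branch belongs behind a click handler.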