Bugfix/devexp 765 syncronize token managers

[marcos-sinch]

Synchronize token managers and refactor HTTP transport

Fixes a race condition in OAuth token creation and renewal under concurrent requests.

Token manager (token_manager.py)

• Adds a threading.Lock to TokenManagerBase.
• get_auth_token uses double-checked locking so that the initial token fetch happens exactly once even when many threads call it simultaneously.
• Replaces the EXPIRED state + handle_invalid_token side-channel with a new refresh_auth_token(used_token) method: whichever thread holds the lock compares the used (stale) token against the currently cached one and fetches a new token only if they still match, deduplicating concurrent renewal attempts.
• Removes the now-unnecessary TokenState.EXPIRED value.

HTTP transport (http_transport.py, requests_http_transport.py)

• Moves prepare_request and authenticate out of send() and into request(), so send() now receives an already-prepared HttpRequest instead of a raw HTTPEndpoint. This makes send() a pure I/O primitive and simplifies subclassing.
• Extracts _get_bearer_token_from_request and _set_bearer_token helpers to keep the token-stamping logic in one place.

Tests

• Replaces the abstract MockHTTPTransport test harness with tests that drive the real HTTPTransportRequests adapter, giving better coverage of the actual I/O path.
• Adds concurrency tests for both get_auth_token and refresh_auth_token that assert a single fetch under 20 simultaneous threads.