Allow for updating the Graph API access token via the OAuth web flow

[kern]

Hackbot needs the ability to create and delete posts on the behalf of at least one group administrator. Users that wish to use the upcoming canned-response commands (#10, #11, #12) will also have to authenticate with the application.

We'll need to implement the OAuth 2 web flow and persist the long-lived access tokens somewhere. The hacky method described in the README isn't so user-friendly. :)

[rubinovitz]

Does persisting in Firebase make sense?

[kern]

I think so. You can't access the Firebase instance without a admin secret, which basically makes it a hosted database. Or, we can move off Firebase to another data store (perhaps an embedded one? The data we persist is tiny).

[rubinovitz]

Redis?

[kern]

Works for me. I'll get to it this week.