feat(tools): create LinkedIn token refresh helper app

[CalvinAllen]

Summary

Create a CLI tool or small app to assist in refreshing the LinkedIn access token when it expires (every 60 days).

Requirements

• Spin up a local HTTP server to capture the OAuth redirect from LinkedIn
• Automatically open the browser to the LinkedIn authorization URL
• Capture the authorization code from the redirect
• Exchange the code for a new access token
• Update the LINKEDIN_ACCESS_TOKEN secret in the GitHub organization via the GitHub API

Technical Details

OAuth Flow

1. Start local server on https://localhost (or configurable port)
2. Open browser to: https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={CLIENT_ID}&redirect_uri=https://localhost&scope=openid%20profile%20w_member_social
3. Capture the code parameter from the redirect
4. POST to https://www.linkedin.com/oauth/v2/accessToken to exchange code for token
5. Use GitHub API to update the organization secret

GitHub API for Secrets

• Requires a PAT with admin:org scope (or repo scope for repo-level secrets)
• Endpoint: PUT /orgs/{org}/actions/secrets/{secret_name}
• Secret value must be encrypted with the org's public key

Configuration

The tool should read from environment or config:

• LINKEDIN_CLIENT_ID
• LINKEDIN_CLIENT_SECRET
• GITHUB_TOKEN (PAT with appropriate permissions)
• Target org/repo for secret update

Acceptance Criteria

• Single command to refresh token (e.g., npm run refresh-linkedin-token)
• Handles the full OAuth dance automatically
• Updates GitHub secret without manual intervention
• Clear error messages if something fails
• Works on Windows