When we join a hub, we fetch the user account from the user token:
https://github.com/mozilla/reticulum/blob/0f0af37e3d0c914dbdd2636eb885d1c028e13110/lib/ret_web/channels/hub_channel.ex#L64

The account has `oauth_providers` preloaded because we've written that into `resource_from_claims`:
https://github.com/mozilla/reticulum/blob/0f0af37e3d0c914dbdd2636eb885d1c028e13110/lib/ret/guardian.ex#L24
(It is Guardian that calls this for us: https://github.com/johnshaughnessy/guardian/blob/0b7aba1840bf2f8b75bc3a258463a3fba7f325de/lib/guardian.ex#L652)

We associate the user's account with the channel socket: https://github.com/mozilla/reticulum/blob/0f0af37e3d0c914dbdd2636eb885d1c028e13110/lib/ret_web/channels/hub_channel.ex#L1028

We check the `oauth_providers` on the account when checking the `tweet` permission: https://github.com/mozilla/reticulum/blob/0f0af37e3d0c914dbdd2636eb885d1c028e13110/lib/ret/account.ex#L78

However, I think we do not update the in-memory account associated with the socket after adding an oauth_provider: https://github.com/mozilla/reticulum/blob/0f0af37e3d0c914dbdd2636eb885d1c028e13110/lib/ret_web/controllers/api/v1/oauth_controller.ex#L115-L136. So we do not have the `tweet` permission when we should. I have not verified this -- it's just a guess at this point.

If the guess is correct, two potential remedies might be:

1. After updating the `oauth_providers`, find any sockets that the user might be connected to, broadcast a message on them with `RetWeb.Endpoint.broadcast(channel, action, payload)`. (Example: https://github.com/mozilla/reticulum/blob/ec55da468a7317b38247551f7cb9e63f827931b2/lib/ret/api/rooms.ex#L181) Then update the associated account for the appropriate user with a filter in `handle_in` (or `handle_out`... I don't know exactly how the broadcast works.)
2. When fetching permissions, also re-fetch the `oauth_providers`.

If the guess is correct, then this is likely not the only way the resource on the channel gets out of sync with its representation in the database. We may want to audit the code and come up with a strategy for mitigating this if it comes up again.
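A sketch of the staleness problem and of both remedies in a Phoenix channel, as an added example that is not reticulum's code and not part of the issue above. The module names (`MyApp.Repo`, `MyApp.Account`, `MyApp.OAuthProvider`, `MyAppWeb.HubChannel`, `MyAppWeb.Endpoint`), the `account_id` socket assign set at connect time, and the per-account PubSub topic `"account:<id>"` are all assumptions made for the illustration:

```elixir
# Added illustration, not reticulum code. MyApp.Repo, MyApp.Account,
# MyApp.OAuthProvider, MyAppWeb.Endpoint and the `account_id` assign set by
# UserSocket.connect/3 are all hypothetical.

defmodule MyApp.OAuthProvider do
  use Ecto.Schema

  schema "oauth_providers" do
    # e.g. "twitter"
    field :source, :string
    belongs_to :account, MyApp.Account
  end
end

defmodule MyApp.Account do
  use Ecto.Schema

  schema "accounts" do
    has_many :oauth_providers, MyApp.OAuthProvider
  end

  # Permission check over whatever is preloaded on the struct. When the struct
  # was loaded at join time this reads a snapshot, not the database, so a
  # provider linked after join is invisible here until the assign is refreshed.
  def can?(%__MODULE__{oauth_providers: providers}, :tweet) when is_list(providers) do
    Enum.any?(providers, &(&1.source == "twitter"))
  end

  def can?(_account, _perm), do: false

  # Remedy 2: re-fetch the association on every check. `force: true` makes
  # Repo.preload query the database even though the association is already loaded.
  def can_fresh?(%__MODULE__{} = account, perm) do
    account
    |> MyApp.Repo.preload(:oauth_providers, force: true)
    |> can?(perm)
  end
end

defmodule MyAppWeb.HubChannel do
  use Phoenix.Channel
  alias Phoenix.Socket.Broadcast

  def join("hub:" <> _hub_id, _params, socket) do
    # Snapshot of the account taken once, at join; this is what goes stale.
    account =
      MyApp.Account
      |> MyApp.Repo.get!(socket.assigns.account_id)
      |> MyApp.Repo.preload(:oauth_providers)

    # Remedy 1, receiving side: subscribe this channel process to a per-account
    # topic, so one broadcast reaches every socket the user holds, in any hub.
    :ok = MyAppWeb.Endpoint.subscribe("account:#{account.id}")

    {:ok, assign(socket, :account, account)}
  end

  def handle_in("tweet", _payload, socket) do
    if MyApp.Account.can?(socket.assigns.account, :tweet) do
      {:reply, :ok, socket}
    else
      {:reply, {:error, %{reason: "unauthorized"}}, socket}
    end
  end

  # Broadcasts on an externally subscribed topic (not the channel's own topic)
  # arrive in handle_info/2 as %Phoenix.Socket.Broadcast{}. Reload the cached
  # struct, store it back in assigns, and tell the client its permissions changed.
  def handle_info(%Broadcast{event: "account_updated"}, socket) do
    account = MyApp.Repo.preload(socket.assigns.account, :oauth_providers, force: true)
    push(socket, "permissions_changed", %{tweet: MyApp.Account.can?(account, :tweet)})
    {:noreply, assign(socket, :account, account)}
  end

  def handle_info(_msg, socket), do: {:noreply, socket}
end

defmodule MyApp.OAuth do
  # Remedy 1, sending side: call this after the oauth_provider row is inserted.
  # No hub id is needed; the per-account topic fans out to all of the user's sockets.
  def notify_account_updated(account_id) do
    MyAppWeb.Endpoint.broadcast("account:#{account_id}", "account_updated", %{account_id: account_id})
  end
end
```

The two remedies trade differently: remedy 2 (`can_fresh?/2`) costs one query per permission check but can never be stale, while remedy 1 keeps checks in memory and only reloads on the event, so it depends on every code path that changes `oauth_providers` remembering to broadcast, which is the audit the issue calls for.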