Handle Okta authentication failures more gracefully

[monde]

Bringing in @Eitol's #241

This pull request addresses an issue where users with expired sessions in their browsers encounter repeated authentication failures when running the okta-aws-cli web command. Previously, the tool would attempt to authenticate twice and display an error message: "Cached access token appears to be stale...". However, it did not provide clear guidance on how to resolve the issue.

Changes Made:

Updated the NewWebCommand function to check after two failed authentication attempts.

If the authentication fails due to an invalid_grant error after retries, the tool now informs the user to log out of Okta in their
browser and log back in.

Added user-friendly messaging to guide users through resolving the expired session issue.

Impact:

• Enhances user experience by providing clear instructions to resolve authentication issues caused by expired browser sessions.
• Reduces confusion and potential support requests related to stale cached tokens.

see: #153 (comment)