Do not leak credentials #140

@cristianuibar

Description

Build a redirected flow in 3 steps via toplytics.presslabs.net so that the client id and client secret will not be leaked to the end user when connecting via the public method.

Keep a record of all refresh_tokens on toplytics.presslabs.net so that we can revoke access in case something is off.

The steps are:

  • client site => toplytics.presslabs.net/auth?return_url=...
  • toplytics.presslabs.net => google auth to grant access
  • google auth => return to toplytics.presslabs.net (which stores the user as well that came from google)
  • toplytics.presslabs.net => return to client return_path with the refresh_token
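
The redirected flow described in this issue, sketched as an added example; it is not code from the Toplytics project. The `Broker` class, the `/callback` path, the Analytics scope, the https-only check on `return_url` and the stubbed `fake_exchange` token call are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit

GOOGLE_AUTH = "https://accounts.google.com/o/oauth2/v2/auth"
BROKER_CALLBACK = "https://toplytics.presslabs.net/callback"  # assumed path


class Broker:
    """Keeps client id/secret server-side; the client site only gets a refresh_token."""

    def __init__(self, client_id, client_secret, exchange_code):
        self.client_id = client_id
        self._client_secret = client_secret
        self._exchange_code = exchange_code  # callable performing the token request
        self._pending = {}  # state -> return_url, consumed once
        self.grants = {}    # refresh_token -> record, kept so access can be revoked

    def start_auth(self, return_url):
        """client site => broker /auth?return_url=... => redirect to Google."""
        if urlsplit(return_url).scheme != "https":  # assumed safeguard, not in the issue
            raise ValueError("return_url must be https")
        state = secrets.token_urlsafe(32)
        self._pending[state] = return_url
        return GOOGLE_AUTH + "?" + urlencode({
            "client_id": self.client_id, "redirect_uri": BROKER_CALLBACK,
            "response_type": "code", "access_type": "offline", "state": state,
            "scope": "https://www.googleapis.com/auth/analytics.readonly",  # assumed
        })

    def handle_callback(self, state, code):
        """Google => broker; store the grant, then return to the client site."""
        return_url = self._pending.pop(state, None)
        if return_url is None:
            raise PermissionError("unknown or replayed state")
        user, token = self._exchange_code(code, self.client_id, self._client_secret)
        self.grants[token] = {"user": user, "return_url": return_url, "revoked": False}
        sep = "&" if urlsplit(return_url).query else "?"
        return return_url + sep + urlencode({"refresh_token": token})

    def revoke(self, refresh_token):
        """Mark a stored grant as revoked (the call to Google is out of scope here)."""
        self.grants[refresh_token]["revoked"] = True


def fake_exchange(code, client_id, client_secret):
    # Constructed stand-in for the token request, so the sketch runs offline.
    return "user@example.com", "rt-" + code
```

The client secret is used only inside `handle_callback`, so it appears in neither the Google redirect nor the URL sent back to the client site.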
