How would you design a secure token storage and refresh flow for a production mobile app at Apidel Technologies?