EVM Node: Fix token refresh by avoiding handler aliasing

What

This change corrects the GCP KMS authentication token refresh mechanism to ensure that the active handler used by the application receives all subsequent token updates from the background refresh process.

Why

The previous implementation suffered from a subtle record aliasing bug. The background process responsible for refreshing the authentication token was given a reference to an initial, partial version of the KMS handler. However, the function then returned a copy of this handler to the rest of the application.

Consequently, the background process was updating the token in a handler record that was no longer in use. The active handler's token was never refreshed, which caused it to expire, leading to the intermittent invalid_token authentication failures that were observed.

How

The fix restructures the handler's creation flow. The final, complete KMS handler record is now created before the background token refresh process is initiated. The background process is then given a reference to this final, active handler. This ensures that token updates are applied to the exact same record that the rest of the application uses for its API calls, resolving the aliasing issue and ensuring the token remains valid.

Manually testing the MR

Checklist

• Document the interface of any function added or modified (see the coding guidelines)
• Document any change to the user interface, including configuration parameters (see node configuration)
• Provide automatic testing (see the testing guide).
• For new features and bug fixes, add an item in the appropriate changelog (docs/protocols/alpha.rst for the protocol and the environment, CHANGES.rst at the root of the repository for everything else).
• Select suitable reviewers using the Reviewers field below.
• Select as Assignee the next person who should take action on that MR