Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

When you set the autoRefreshSession: false setting when creating the browser client, the client auto refreshes the token anyways.
i.e.

const client =  createBrowserClient<Database>(dbClientConfig.url, dbClientConfig.anonKey, {
    auth: {
      autoRefreshToken: false,
    },
  });

console.log(client.auth.autoRefreshToken) # true

This is because in the createBrowserClient code, it will always set this setting as true if it's in the browser.

This is misleading, and if this is intentional, the typing interface should reflect that so users can't pass in autoRefreshToken, detectSessionInUrl or persistSession

To Reproduce

Try to create a client using createBrowserClient with autoRefreshToken: false

Print out the result, it's setting for autoRefreshToken will still be true

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem.

System information

• OS: [e.g. macOS, Windows]
• Browser (if applies) [e.g. chrome, safari]
• Version of supabase-js: [e.g. 6.0.2]
• Version of Node.js: [e.g. 10.10.0]

Additional context

Add any other context about the problem here.