You are quite confused with the flow actually! Let me explain you how this access token thing works-
First of all, the getting the access token from Graph API Explorer is just a way- not really the best way of course. (but in your case it seems fine since I think you are managing the page from your account only not for the other facebook users- correct me if I am wrong).
Generally, facebook integration is used to get access for a facebook user and perform some activities or get the user's data, and it is done by implementing the facebook login. The facebook login takes in to account the permissions user has granted and returns an access token- that's the user access token
Now, if you want to post on behalf of the page itself, you have to use the page's access token (API-
/me/accounts
). Now, the good thing is- you can extend the page access token that's never expires! I've explained the steps here.
If you want to post on behalf of the user/admin, you use the user access token which can be extended by making a \GET request that you've explained that already. Now when you said-
I've even read that an existing long lived access token can be refreshed but only if it's about-to-expire. There is no information in which timeframe 'about-to-expire' lies. (5 days ain't)
This statement is incorrect! You can extend the token at any point. Today you have a token with 60days expiry, tomorrow it can be extended again with upto 60 days expiry. To refresh the extended token, you have to repeat the steps you used to generate the extended token for the first time i.e.- obtain an access token (the normal one) with the login flow or the graph api explorer(yes- there's NO other way to get the access token) and make the \GET request to obtain the extended one. This is it!
You asked-
How to get a new short lived access token with the previously used permissions (manage_pages and publish_stream) querying an API endpoint?
Dont worry about this, next time whenever you try to get the access token it will have the permissions with it since you have authorized the app already. You dont need to take care of anything for this!
Edit
If you dont want to use the Graph API Explorer, you can write a small script, using JS/PHP/other language and implement the facebook login- get the access token- and extend that token (oh wait! you didnt tell how are you creating the posts? You can do that with your script only- simple enough!). Good luck!