Remove support non OAuth tokens that don't expire

Via #21745 (closed) we added default expiration of OAuth tokens for new OAuth Applications, and an option to enable it for existing applications. In %15.0 we can remove the backward compatibility and force all tokens to expire within 2 hours.

NOTE: We will also need a database migration to set an expiration for existing tokens. Otherwise, they will never expire unless revoked (even refreshing a previously non-expiring token will result in a new token without expiration).