Add a rake task to revoke all access tokens that haven't been used in a certain period of time
Proposal
If a token hasn't been used in a long time, it's likely to never be used again... until a malicious hacker finds it because it was accidentally exposed somewhere. It would help GitLab (the company) and all of our self-managed users trying to improve their security posture to have an easy rake task to revoke all tokens that haven't been used before a certain date.
The task should be able to target a single group or a full instance.
"Access tokens" here would be defined as personal/project/group access tokens.
We should also document how to use this task and even recommend instance administrators to use it regularly as a good security practice.
Edited by Dominic Couture