Provide Opt In for Enforced Access Token Expiry

Problem

Currently we populate, but don't enforce a default expiration on access tokens, Personal Access Tokens (PATs), Project Access Tokens and Group Access Tokens, created by users.

Currently, enforcing access token expiration is a feature that is only available in Ultimate self-managed.

Access Tokens usually get inadvertently leaked on git repos or elsewhere and the impact of a Maintainer level PAT leak can be pretty high and may cause reputation damage to GitLab.

Proposal

Defaults are populated, but not enforced. This means there can still be tokens created that don't have a default expiry.

This issue is to provide the ability to opt into enforcing that all tokens must have an expiration date.

Once we remove support for non-expiring tokens, it is a breaking change . It is important to have this opt in to give our customers time to make sure they are prepared for it by being able to turn on enforcement when they are ready.