Impossible to create access token with a date beyond one year

Incorrect behaviour affecting both UI and API:

When the require_personal_access_token_expiry option is disabled, creating an access token with an expiration date beyond 365 (or 400) days should be allowed.

Correct behaviour (both UI and API):

Under the above conditions, when no expiration date (expires_at) is provided, a never-expiring token is successfully created.

Problem

The API and UI fail to create tokens with dates beyond 365 (or 400) days.

Example incorrect behaviour for dates beyond one year

image

Relates to !170094 (comment 2240574884)

Example correct behaviour when no date

Screen_Recording_2024-12-05_at_18.36.57

To disable require_personal_access_token_expiry and max_personal_access_token_lifetime:

  • via API: curl --header "PRIVATE-TOKEN: $PAT" --request PUT "https://gdk.test:3443/api/v4/application/settings?require_personal_access_token_expiry=false&max_personal_access_token_lifetime"
  • via UI: /admin/application_settings/general#js-account-settings

Possible solution

As suggested in !153876 (comment 2244108120), expires_at_before_instance_max_expiry_date should probably reuse the functionality of expires_at_field_data.

Edited by Eduardo Sanz García
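
The gap between the reported and the expected behaviour, as an added example that is not part of the original issue and is not GitLab's code. It is a simplified model: the two setting names come from the issue, while the method names, the Settings struct and DEFAULT_CAP_DAYS are assumptions made for illustration.

```ruby
require 'date'

# Simplified model of the expiry check described in the issue, not GitLab's code.
# DEFAULT_CAP_DAYS is an assumption; the issue mentions 365 (or 400) days.
DEFAULT_CAP_DAYS = 365

# Hypothetical stand-in for the two application settings named in the issue.
Settings = Struct.new(:require_expiry, :max_lifetime_days, keyword_init: true)

# Latest permitted expiry date, or nil when the instance imposes no limit.
def max_expiry_date(settings, today)
  return today + settings.max_lifetime_days if settings.max_lifetime_days
  return today + DEFAULT_CAP_DAYS if settings.require_expiry

  nil
end

# Reported behaviour: any supplied date is capped, whatever the settings say.
def reported_check(settings, expires_at, today)
  return !settings.require_expiry if expires_at.nil?

  expires_at <= today + (settings.max_lifetime_days || DEFAULT_CAP_DAYS)
end

# Expected behaviour: the cap applies only when the instance actually has one.
def expected_check(settings, expires_at, today)
  return !settings.require_expiry if expires_at.nil?

  limit = max_expiry_date(settings, today)
  limit.nil? || expires_at <= limit
end

# Runs both checks over constructed inputs; each value is [reported, expected].
def compare(today = Date.new(2024, 12, 5))
  relaxed = Settings.new(require_expiry: false, max_lifetime_days: nil)
  strict  = Settings.new(require_expiry: true, max_lifetime_days: nil)
  far     = today + 730 # constructed date two years out
  {
    relaxed_no_date:   [reported_check(relaxed, nil, today), expected_check(relaxed, nil, today)],
    relaxed_two_years: [reported_check(relaxed, far, today), expected_check(relaxed, far, today)],
    strict_no_date:    [reported_check(strict, nil, today),  expected_check(strict, nil, today)],
    strict_two_years:  [reported_check(strict, far, today),  expected_check(strict, far, today)]
  }
end

compare.each { |name, (reported, expected)| puts "#{name}: reported=#{reported} expected=#{expected}" }
```

Only the relaxed_two_years row differs between the two checks, which is the case this issue reports.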