Delete Expired Trigger tokens

Description

In order to unblock the release of trigger token expiration (MR)

We need to implement a mechanism for deleting the expired trigger tokens following the patterns of other Expirable entities.

Requirements

• Add a 30 day retention policy as per #519724 (comment 2480119051)
• Implement an expired-token cleanup worker, similar to that of expired JobArtifact records, that operates across the entire table and deletes expired tokens.

Future Proposals (Dismissed for now)

• Implement an unavoidable expiration check in the Ci::PipelineTriggerService. While this isn't exactly a "permission" in the sense of our DeclarativePermissions framework, it's very much an important capability policy. The services are supposed to be the center of capability checking, so we should check the expiration timestamp against the current time before we create a Pipeline in there.
  • Because deletion is an asynchronous, instance-wide process, we shouldn't count on it to remove every trigger the second it expires. While it can be removed eventually, we should reject requests to use it immediately.
  • It's a little bit of a bank shot, but we should consider deleting the Trigger record synchronously when someone tries to use it at any point beyond it's expiration.