
Display tokens that do not have expiry enforced

Aishwarya Subramanian requested to merge active-yet-expired-tokens into master

Problem Statement

In !33783 (merged), we introduced the option to toggle Personal Access Token Expiry Enforcement.

Consider a situation when expiry is not enforced and a token expires. The user can continue to use the token (we will be showing an in-app banner as part of !34101 (merged)), however there is no way for the user to revoke the access for the token from the UI if they want to. The inactive tokens are not displayed in the user's Personal Access Token page.

What does this MR do?

This MR shows the tokens that have expired yet are active in the list of Active Tokens. In order to make it explicit to the user, the token is shown as Expired with a tool-tip that says Expiration not enforced.

Mentions #214723 (closed)

Screenshots

[Screenshot: Screen_Shot_2020-06-17_at_11.49.46_AM]

Query

SELECT
  "personal_access_tokens".*
FROM
  "personal_access_tokens"
WHERE
  "personal_access_tokens"."user_id" = 641
  AND "personal_access_tokens"."impersonation" = FALSE
  AND (("personal_access_tokens"."revoked" = FALSE
      OR "personal_access_tokens"."revoked" IS NULL)
    AND (expires_at <= '2020-06-17 17:23:06.003591')
    OR (revoked = FALSE
      AND (expires_at >= NOW()
        OR expires_at IS NULL)))
ORDER BY
  "personal_access_tokens"."expires_at" ASC

Execution time:

Time: 8.052 ms
  - planning: 0.409 ms
  - execution: 7.643 ms
    - I/O read: 7.404 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 0 from the buffer pool
  - reads: 4 (~32.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

Execution plan: https://explain.depesz.com/s/DBrN

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Aishwarya Subramanian
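As an added example (not code from this MR or from GitLab), the query from the Query section run against a constructed SQLite table, showing which tokens land in the Active Tokens list and which of them are rendered as Expired with the "Expiration not enforced" tooltip. The sample rows, the `ts` helper and the `enforce_expiry` flag (modelling the toggle from !33783) are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed "now", matching the timestamp bound in the MR's query.
NOW = datetime(2020, 6, 17, 17, 23, 6)

# The MR's query adapted to SQLite: booleans as 0/1, NOW() bound as ?.
# First OR branch: expired but not revoked (revoked FALSE or NULL).
# Second OR branch: ordinary active tokens (not yet expired, or no expiry).
ACTIVE_TOKENS_SQL = """
SELECT name, revoked, expires_at
FROM personal_access_tokens
WHERE user_id = ?
  AND impersonation = 0
  AND ((revoked = 0 OR revoked IS NULL) AND expires_at <= ?
       OR (revoked = 0 AND (expires_at >= ? OR expires_at IS NULL)))
ORDER BY expires_at ASC
"""

def ts(dt):
    return None if dt is None else dt.isoformat(" ")  # "YYYY-MM-DD HH:MM:SS"

def build_db():
    """Constructed sample tokens for user 641 (the id in the MR's query)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE personal_access_tokens (user_id, name, impersonation, revoked, expires_at)")
    rows = [
        (641, "ci-deploy", 0, 0, ts(NOW + timedelta(days=30))),   # active
        (641, "old-laptop", 0, 0, ts(NOW - timedelta(days=3))),   # expired, not revoked
        (641, "legacy", 0, None, ts(NOW - timedelta(days=90))),   # expired, revoked NULL
        (641, "stale", 0, 1, ts(NOW - timedelta(days=1))),        # expired and revoked
        (641, "no-expiry", 0, 0, None),                            # never expires
        (641, "impersonate", 1, 0, None),                          # impersonation token
        (999, "other-user", 0, 0, None),                           # belongs to someone else
    ]
    db.executemany("INSERT INTO personal_access_tokens VALUES (?,?,?,?,?)", rows)
    return db

def list_active_tokens(db, user_id, now=NOW, enforce_expiry=False):
    """Rows as the Active Tokens page would render them: (name, status, tooltip).
    enforce_expiry is an assumed flag modelling the toggle from !33783."""
    now_s = ts(now)
    rendered = []
    for name, revoked, expires_at in db.execute(ACTIVE_TOKENS_SQL, (user_id, now_s, now_s)):
        expired = expires_at is not None and expires_at <= now_s
        if expired and enforce_expiry:
            continue  # with enforcement on, an expired token is simply inactive
        status, tooltip = ("Expired", "Expiration not enforced") if expired else ("Active", None)
        rendered.append((name, status, tooltip))
    return rendered
```

Note that a token whose `revoked` column is NULL is still picked up by the first OR branch, which is why the query spells out `revoked IS NULL` rather than relying on `revoked = FALSE` alone.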
