gitlab_group_access_token `expires_at` now needs to be `required` not `optional`

Group access token needs the same treatment as project access tokens.

This may have changed since #1496 (closed) but I'm not 100%.

Error: POST https://gitlab.com/api/v4/groups/REDACTED/access_tokens: 400 {error: expires_at is missing}

There's also a (poorly worded) error, if you try to create a token with an expiry longer than 1 year.

Error: POST https://gitlab.com/api/v4/groups/REDACTED/access_tokens: 400 {message: 400 Bad request - Expires at must expire in 365 days}