Add expiration time on token introspection
As noted in #354 (closed), although my tokens expire, we're not making it clear
in the token verify/introspection responses, which leads to a client
being unable to check how long they've got after the initial
expires_in
is returned after token granting.
Closes #354 (closed).