PATs should not be indefinite. I suggest setting a default expiration of max 1 year, and also perhaps creating an option to allow users to set a reduced validity of tokens.
This would likely involve emailing users a courtesy notice of tokens that are about to expire (in, say, 1 week).
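A sketch of the policy suggested above, as an added example that is not part of the original post or any project's code: lifetimes default to and are capped at 1 year, users may request less, and a periodic job selects tokens expiring within 1 week for a single courtesy notice. All names (`Token`, `issue`, `is_valid`, `due_for_notice`) and the choice to store only a SHA-256 digest of the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=365)  # default and upper bound from the suggestion
NOTICE_WINDOW = timedelta(days=7)   # courtesy notice lead time


@dataclass
class Token:  # hypothetical stored record
    owner_email: str
    digest: str            # assumption: only a hash of the secret is stored
    expires_at: datetime
    notified: bool = False


def issue(owner_email, now, lifetime=None):
    """Return (plaintext secret, record); lifetime is clamped to MAX_LIFETIME."""
    if lifetime is None:
        lifetime = MAX_LIFETIME
    if lifetime <= timedelta(0):
        raise ValueError("lifetime must be positive")
    lifetime = min(lifetime, MAX_LIFETIME)  # a user can shorten, never extend
    secret = secrets.token_urlsafe(32)
    digest = hashlib.sha256(secret.encode()).hexdigest()
    return secret, Token(owner_email, digest, now + lifetime)


def is_valid(presented, token, now):
    """Constant-time digest comparison plus an expiry check on every use."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(digest, token.digest) and now < token.expires_at


def due_for_notice(tokens, now):
    """Unexpired, not-yet-notified tokens that expire within NOTICE_WINDOW."""
    due = [t for t in tokens
           if not t.notified and now < t.expires_at <= now + NOTICE_WINDOW]
    for t in due:
        t.notified = True  # a daily job then sends one notice per token
    return due


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample date
    _, tok = issue("user@example.test", now, timedelta(days=5))
    print([t.owner_email for t in due_for_notice([tok], now)])
```

Checking expiry in `is_valid` at the point of use, not only in a cleanup job, means a token stops working at its deadline even if the notification or cleanup job never runs.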