Add per-client token TTL and expiry support for client credentials

[abhishek-kaushik]

Summary

• Per-client TTL setting — Each OAuth client can configure a token TTL (in seconds) via the admin UI. Existing clients default to no TTL (tokens never expire), preserving backwards compatibility.
• Expiry stored on the token — Access_Token::create_for_client() reads the TTL from the client and sets an expires timestamp on the token at creation time.
• Expired token rejection — The authentication layer rejects expired tokens with a 401 Unauthorized.
• expires_in in token response — The /oauth2/access_token endpoint includes expires_in in the response only when the token actually has an expiry.

Backwards Compatibility

Existing clients have no TTL stored — tokens issued to them will not expire. New clients opt in by setting a TTL value in the admin UI.

[joehoyle]

@abhishek-kaushik could you give me a review of #75 (I added you to this repo) so we can merge tests, and then add test with this PR

[abhishek-kaushik]

@abhishek-kaushik could you give me a review of #75 (I added you to this repo) so we can merge tests, and then add test with this PR

sure @joehoyle , can do it

[joehoyle]

Ok tests per merged, you should be able to add tests here now