
Make oauth2 tokens expiration time configurable #42738

Open
mickenordin opened this issue Jan 12, 2024 · 1 comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap enhancement feature: authentication

Comments

@mickenordin
Contributor

Currently, access tokens that are given out by Nextcloud are hard-coded to be valid for 3600 seconds: https://github.com/nextcloud/server/blob/48628b90690d8204e7875d561b8115c526cc9176/apps/oauth2/lib/Controller/OauthApiController.php#L203-L223C21

RFC 6750 (https://datatracker.ietf.org/doc/html/rfc6750#section-5.2) states that:

    To deal with token capture and replay, the following recommendations
    are made: First, the lifetime of the token MUST be limited; one means
    of achieving this is by putting a validity time field inside the
    protected part of the token.  Note that using short-lived (one hour
    or less) tokens reduces the impact of them being leaked.

Following these guidelines, a server administrator might want to reduce the validity of a token to a shorter interval. Conversely, there may also be situations in which a server administrator may want to extend the expiration time of a token, following careful consideration of the impact of such a decision.

I therefore propose that we make the oauth2 access token validity time configurable. I am willing to submit a PR for this, if others think that this could be useful.

@mickenordin mickenordin added 0. Needs triage Pending check for reproducibility or if it fits our roadmap enhancement labels Jan 12, 2024
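As an added illustration (not Nextcloud's code and not part of this issue), one way a configurable lifetime can be resolved without losing the expiry guarantee the RFC text above calls for: read the setting, fall back to the current 3600-second default on anything unparseable, and clamp the result to a bounded range so a mistyped value cannot yield effectively non-expiring tokens. The config array, the option name `token_expiration` and the bounds are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of Nextcloud. The $config array stands in
// for whatever settings store a real implementation would read from.
final class AccessTokenLifetime
{
    // The behaviour the issue describes today: tokens valid for 3600 seconds.
    public const DEFAULT_SECONDS = 3600;
    // Assumed bounds: at least one minute, at most one day. RFC 6750 recommends
    // one hour or less, so going above DEFAULT_SECONDS is a deliberate admin choice.
    public const MIN_SECONDS = 60;
    public const MAX_SECONDS = 86400;

    /**
     * Resolve the configured lifetime in seconds. Missing, non-integer or
     * out-of-range values never disable expiry: they fall back to the default
     * or are clamped into [MIN_SECONDS, MAX_SECONDS].
     */
    public static function fromConfig(array $config, string $key = 'token_expiration'): int
    {
        $raw = $config[$key] ?? null;
        if ($raw === null || !is_numeric($raw) || (int)$raw != $raw) {
            return self::DEFAULT_SECONDS;
        }
        return max(self::MIN_SECONDS, min(self::MAX_SECONDS, (int)$raw));
    }

    /** Absolute expiry timestamp for a token issued at $issuedAt. */
    public static function expiresAt(int $issuedAt, int $lifetimeSeconds): int
    {
        return $issuedAt + $lifetimeSeconds;
    }

    /** Server-side check: a token is usable only strictly before its expiry. */
    public static function isExpired(int $expiresAt, int $now): bool
    {
        return $now >= $expiresAt;
    }
}

// Constructed inputs: absent setting, a shorter interval, a zero that gets
// clamped up to the minimum, and a non-numeric value that falls back.
foreach ([[], ['token_expiration' => '900'], ['token_expiration' => '0'],
          ['token_expiration' => 'abc']] as $config) {
    $lifetime = AccessTokenLifetime::fromConfig($config);
    $expiry = AccessTokenLifetime::expiresAt(time(), $lifetime);
    printf("%-30s lifetime=%d expired_now=%s\n", json_encode($config), $lifetime,
        AccessTokenLifetime::isExpired($expiry, time()) ? 'yes' : 'no');
}
```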
@joshtrichards
Member

Related: #40766
