Allow token expiration time to be configurable

[Xuanwo]

As shared in rust-lang/crates-io-auth-action#51.

Trusted publishing is great, but the default token expiration time is too short for a large workspace to release.

Like our repo: https://github.com/lancedb/lance, we have many crates to release:

- uses: rust-lang/crates-io-auth-action@v1
  id: auth
- uses: albertlockett/publish-crates@v2.2
  with:
    registry-token: ${{ steps.auth.outputs.token }}
    args: "--all-features"
    path: .

And it's also impossible for us to fetch a new token per crate. Can we make the token expiration time longer? Or at least make it last as long as the job is running?

[Turbo87]

the default expiration time is currently 30min. what expiration time would you need in your case?

as an alternative: it would be possible to build the token exchange directly into https://github.com/katyo/publish-crates, so that you don't have to use rust-lang/crates-io-auth-action at all. if the former detects that it's getting close to the 30min timeout it could theoretically revoke the current token and request a new one.

[Xuanwo]

Our release workflow needs about 30-40 minutes.

I'm thinking of running release pre-check first and then release without validation.

Your alternative makes sense too. I'll try contacting the author.

[Turbo87]

another thing that might help: rust-lang/cargo#15743