As a Security Server Administrator I want to be able to set an expiration period for API keys so that security is improved

[raits]

The Security Server has a management REST API that can be used for all the same configuration and maintenance tasks that are available in the Security Server UI. More information about the API is available here.

The management REST API is protected with an API key based authentication. To execute REST calls, API keys need to be created. When an API key is created, it remains valid until it’s manually revoked. Currently, it’s not possible to define a validity period or automatic expiration for the API keys.

For security purposes, it would be useful to be able to set an expiration time on an API key so that it would automatically be revoked after a certain amount of time.

The JIRA ticket this issue was created from can be found here: https://nordic-institute.atlassian.net/browse/XRDDEV-238

Acceptance criteria:

• It is possible to make API keys expire based on time since creation
• The user can choose from the following:
• Use the default expiration
• Specify an expiration timeout when creating the key
• Mark the key to never expire
• The default expiration is configurable in the Security Server properties
• The X-Road Security Server user manual information is updated with the relevant information
  • https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/ug-ss_x-road_6_security_server_user_guide.md#19-management-rest-api