OAuth 2/JWT: take token expiration into account in stream connections

[acogoluegnes]

Stream connections use an in-process cache for permissions. The cache has a size limitation, but it's never cleared. It should be cleared and refreshed, especially when credentials have an expiration date (e.g. JWT token).

Stream connections should be able to detect whether credentials have an expiration date and set a timer to close the connection when the token expires. When updating the secret (sasl_authenticate frame), the connection would clean the cache and re-evaluate the permissions for publishers and consumers. It would cancel any existing timer related to expiration and set a new timer based on the new expiration date.