Cloud Infrastructure Security & Compliance / CMP-959

[AC-12]: check token max age configuration


    • OCPPLAN-6104 - FedRAMP moderate controls
    • CMP Sprint 31

      AC-12 describes mostly organizational triggers that disconnect a user, but in almost all discussions of the control we agreed that token max age should be set. Therefore we need a rule to check it!

      Acceptance criteria:

      • create a rule with an OVAL check that tests that either of the following is true:
        • all of the oauthclient objects have the accessTokenMaxAgeSeconds attribute set
        • the oauth.cluster has .spec.tokenConfig.accessTokenMaxAgeSeconds attribute set
      • create an E2E test for the check
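
The pass/fail logic of the acceptance criteria, as an added Python sketch that is not part of the ticket and is not the OVAL rule itself. The sample objects are constructed, shaped like `oc get oauthclients -o json` and `oc get oauth cluster -o json`; treating "set" as "present with an integer value" and failing the all-clients branch on an empty client list are assumptions.

```python
import json

# Constructed sample data shaped like `oc get oauthclients -o json` and
# `oc get oauth cluster -o json`; names and values are illustrative only.
OAUTH_CLIENTS = json.loads("""
{"items": [
  {"metadata": {"name": "console"}, "accessTokenMaxAgeSeconds": 28800},
  {"metadata": {"name": "openshift-browser-client"}}
]}
""")
OAUTH_CLUSTER_SET = json.loads(
    '{"metadata": {"name": "cluster"},'
    ' "spec": {"tokenConfig": {"accessTokenMaxAgeSeconds": 28800}}}'
)
OAUTH_CLUSTER_UNSET = json.loads('{"metadata": {"name": "cluster"}, "spec": {}}')


def is_set(value):
    """Assumption: 'set' means present with an integer value (bool excluded)."""
    return isinstance(value, int) and not isinstance(value, bool)


def clients_missing_max_age(client_list):
    """Return names of oauthclient objects without accessTokenMaxAgeSeconds."""
    return [
        c.get("metadata", {}).get("name", "<unnamed>")
        for c in client_list.get("items", [])
        if not is_set(c.get("accessTokenMaxAgeSeconds"))
    ]


def check_token_max_age(client_list, oauth_cluster):
    """Pass if the cluster-wide value is set OR every oauthclient sets its own."""
    token_cfg = (oauth_cluster.get("spec") or {}).get("tokenConfig") or {}
    cluster_ok = is_set(token_cfg.get("accessTokenMaxAgeSeconds"))
    missing = clients_missing_max_age(client_list)
    # Assumption: an empty client list does not satisfy the "all clients" branch.
    clients_ok = bool(client_list.get("items")) and not missing
    return {"compliant": cluster_ok or clients_ok,
            "cluster_set": cluster_ok,
            "clients_missing": missing}


if __name__ == "__main__":
    for cluster in (OAUTH_CLUSTER_SET, OAUTH_CLUSTER_UNSET):
        print(check_token_max_age(OAUTH_CLIENTS, cluster))
```

Reporting `clients_missing` alongside the verdict gives an E2E test something concrete to assert on when only some clients carry the attribute.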

            Jakub Hrozek (jhrozek@redhat.com)
            Prashant Dhamdhere (Inactive)