Feature Request
Resolution: Won't Do
Normal
Product / Portfolio Work
1. Proposed title of this feature request
>>>
User should not be able to create token using 'oc create token' beyond the "accessTokenMaxAgeSeconds" limit.
2. What is the nature and description of the request?
>>>
Customer does not want a user to be able to create a token greater than the maximum age he set.
User sets the token duration larger than the value he set as maximum age, so he wants it to be limited to the maximum age.
Also, he does not want to allow a user to set a token timeout of 132 years (2^32 seconds).
-----------------------
[user@bastion ~]$ oc create token -n test-project testsa --duration 100000000m
error: failed to create token: TokenRequest.authentication.k8s.io "" is invalid: spec.expirationSeconds: Invalid value: 6000000000: may not specify a duration larger than 2^32 seconds
However, if I try to generate a token exceeding the accessTokenMaxAgeSeconds limit, it still works:
$ oc get oauth cluster -o yaml | grep accessTokenMaxAgeSeconds
accessTokenMaxAgeSeconds: 36000
$ oc create token -n test-project testsa --duration 360000m
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJaU2ZlLTNHaXVJS01GVTZPbTZOTnV3dG1jbVNiYWJOLTJ
-----------------------
3. Why does the customer need this? (List the business requirements here)
>>> Users can get tokens that have no limit in time.
Customer wants to limit the maximum age of a token in a cluster. He should be able to configure the absolute maximum time limit that the cluster allows.
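
One way to check for the condition described above: the following Python is an added example, not part of the original request and not OpenShift code. It reads the `iat` and `exp` claims of a token and flags a lifetime above a configured maximum. It assumes the token is a compact JWT (the output above begins with a base64url JWT header) carrying numeric `iat` and `exp` claims; the function names are hypothetical, the sample token is constructed, and the signature is not verified.

```python
import base64
import json

MAX_AGE_SECONDS = 36000  # accessTokenMaxAgeSeconds value shown in the report


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_lifetime_seconds(token: str) -> int:
    """Return exp - iat from the JWT payload. Claims are read, not verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    iat, exp = claims.get("iat"), claims.get("exp")
    for value in (iat, exp):
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError("payload lacks numeric iat/exp claims")
    return int(exp - iat)


def audit_token(token: str, max_age: int = MAX_AGE_SECONDS) -> dict:
    """Compare a token's lifetime with the maximum age the cluster admin expects."""
    lifetime = token_lifetime_seconds(token)
    return {"lifetime_seconds": lifetime, "max_age_seconds": max_age,
            "over_limit": lifetime > max_age}


def make_sample_token(iat: int, duration_seconds: int) -> str:
    """Constructed, unsigned sample for offline use; not a real cluster token."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    payload = enc({"iat": iat, "exp": iat + duration_seconds,
                   "sub": "system:serviceaccount:test-project:testsa"})
    return f"{header}.{payload}.c2lnbmF0dXJl"  # placeholder signature segment


if __name__ == "__main__":
    # --duration 360000m from the report is 21,600,000 seconds.
    print(audit_token(make_sample_token(1700000000, 360000 * 60)))
```
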