Feature Request
Resolution: Unresolved
4.16
Product / Portfolio Work
1. Proposed title of this feature request
Allow users to set apiServerArguments --service-account-max-token-expiration
2. What is the nature and description of the request?
Currently, OpenShift uses the default value of --service-account-max-token-expiration, which is 2^32 seconds. This is a very high value that allows users to create JWT authentication tokens valid almost indefinitely with the oc create token command.
Cluster administrators can't track these tokens, as they are not stored in etcd or anywhere else in the cluster. They can only catch the request in the audit logs, and it is easy to miss.
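One way to perform the audit-log check mentioned above, as an added example that is not part of the original feature request: it scans JSON audit events for TokenRequest creates (the call oc create token makes) whose requested expirationSeconds exceeds a local policy threshold. It assumes the audit policy records the serviceaccounts/token subresource at level Request or RequestResponse so that requestObject is present; the sample events and the one-day threshold are constructed for illustration.

```python
"""Flag long-lived ServiceAccount TokenRequests in OpenShift audit logs."""
import json
from typing import Iterable, List, Tuple

# Policy threshold: a requested lifetime above one day is treated as "permanent".
MAX_ALLOWED_SECONDS = 24 * 3600
# kube-apiserver defaults expirationSeconds to one hour when the client omits it.
DEFAULT_EXPIRATION_SECONDS = 3600

# Constructed audit events (audit.k8s.io/v1 shape), one JSON object per line; the
# first asks for the 2^32-second maximum discussed in the request above.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"create","stage":"ResponseComplete","user":{"username":"alice"},"objectRef":{"resource":"serviceaccounts","namespace":"prod","name":"deployer","subresource":"token"},"requestObject":{"kind":"TokenRequest","apiVersion":"authentication.k8s.io/v1","spec":{"expirationSeconds":4294967296}}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"create","stage":"ResponseComplete","user":{"username":"bob"},"objectRef":{"resource":"serviceaccounts","namespace":"dev","name":"ci","subresource":"token"},"requestObject":{"kind":"TokenRequest","apiVersion":"authentication.k8s.io/v1","spec":{"expirationSeconds":3600}}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","stage":"ResponseComplete","user":{"username":"carol"},"objectRef":{"resource":"pods","namespace":"dev","name":"web"}}
"""

def is_token_request(event: dict) -> bool:
    """True for POST .../serviceaccounts/<name>/token, the call oc create token makes."""
    ref = event.get("objectRef") or {}
    return (event.get("verb") == "create"
            and ref.get("resource") == "serviceaccounts"
            and ref.get("subresource") == "token")

def find_long_lived_tokens(lines: Iterable[str],
                           max_seconds: int = MAX_ALLOWED_SECONDS) -> List[Tuple[str, str, int]]:
    """Return (username, namespace/serviceaccount, expirationSeconds) per request over the limit."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated lines instead of aborting the scan
        # ResponseComplete is the stage at which the token was actually issued;
        # counting RequestReceived as well would report each request twice.
        if event.get("stage") != "ResponseComplete" or not is_token_request(event):
            continue
        # requestObject is only present when the audit policy records this
        # resource at level Request or RequestResponse.
        spec = (event.get("requestObject") or {}).get("spec") or {}
        requested = spec.get("expirationSeconds", DEFAULT_EXPIRATION_SECONDS)
        if requested > max_seconds:
            ref = event["objectRef"]
            user = (event.get("user") or {}).get("username", "<unknown>")
            findings.append((user, f"{ref.get('namespace')}/{ref.get('name')}", requested))
    return findings
```

Note that the server may clamp the requested value to its configured maximum; the lifetime actually granted is in responseObject.status.expirationTimestamp, which needs level RequestResponse to appear in the log.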
3. Why does the customer need this? (List the business requirements here)
The customer must be confident that there are no untracked permanent tokens in use outside OpenShift, because a compromised token could lead to a security breach.
Forcing users to create time-limited tokens mitigates this security risk.
4. List any affected packages or components.
OpenShift Kube APIServer
is caused by: OCPSTRAT-2463 Allow users to set apiServerArguments --service-account-max-token-expiration (New)