Problem Statement

Personal access tokens should have a default expiration of something like 30,60 or 90 days to prevent users from creating tokens that are forgotten about and able to be used by a malicious personality at some future date. This would align with where security standards are trending for tokens and certificates. Users should still be able to set an expiration date for in the future but this should be an active choice rather than the default.