Valid login session length should be configurable

Currently, 3scale login session is fixed to 2 weeks and is not changeable. However, the length of the valid session should be configurable.

These session aspects should be customizable for the developer and for the admin portal:
1. Session Inactivity Timeout value
2. Session Maximum Timeout value

Dev Notes

-Should there be a maximum allowed value? Not needed. The defaults would be the ones we have right now and it will be up to the customer to define reasonable timeout values. 

• From comments below from Product, this issue will be done for on-prem only.
• From this comment, it seems we should set an upper limit, if the security issue is for when the session timeout is too long:

  This security issue pops up in every penetration and security testing performed. Too long Inactivity Timeout and Max Session Timeout values provide threat actors more opportunities for session highjacking.

UX notes

Where shall we allow this for the admin portal? At the master level?

Documentation notes

Set user_sesion_ttl in settings.yml as seconds - something like 7200 (would mean 2 hours). In case value is not set (null) or the empty string, then the default of 2 weeks is used.