Rename OIDC expiration-grace property to lifespan-grace

[sberyozkin]

Fixes #8627

I'm renaming it to lifespan-grace as somehow I'm not keen on leeway :-), it sounds a bit too generic. It is a minor issue though (can rename to leeway if preferred). Note we already use jwt.lifespan property for the client_secret_jwt so lifespan-grace seems not too bad.
Pedro's logout PR uses the expiration-grace property so I'll rebase once his PR is in and there will be a test too, we already have a few timeout tests so I'd rather not add another one yet.
It's better to fix this property name now as it is misleading.

I'm not sure it is worth keeping the expiration-grace as deprecated, the users are quite likely not aware that iat is affected by this property, so it feels the best action is to rename it and send a message.

@Ladicek, hi.

I'd rather not assign it some default value > 0, as we'll open a potential CVE, some user's app will be invoked by the stolen token few secs after the exp (which can happen with the leeway), they will start investigating and find out that it is our fault etc. I agree in many cases no one will probably care but I'd rather them set this property themselves :-)

[geoand]

Please rebase the PR onto the latest master in order to pick a CI fix

[sberyozkin]

@geoand sorry, I'll wait till Pedro confirms #8512 changes I've pushed to his branch are good so that I can merge the whole PR - this will most likely require another rebase here. So I'll wait for a bit

[geoand]

Great, thanks!

[Ladicek]

Fair enough re the default 0 value of this property.

[sberyozkin]

Quarkus CI / Native Tests - Data is cancelled. Otherwise looks good.
@stuartwdouglas, @pedroigor do you agree with this property name change ? if we are to rename it then it has to make it to 1.4.0.Final IMHO. Thanks

[Ladicek]

I like this.

Whether it should go to 1.4 or 1.5, I don't mind.

[sberyozkin]

@Ladicek Thanks, I'll merge to 1.5.0 and ask a question in the forum (as I need to update the forum about the OidcTenantConfig package change anyway)

[sberyozkin]

It already has a backport issue so I will keep it as is, but will mention it in the forum

[Ladicek]

need to update the forum about the OidcTenantConfig package change anyway

Not sure about the forum, but this change definitely needs to go to the migration guide (https://github.com/quarkusio/quarkus/wiki/Migration-Guides).

[sberyozkin]

@Ladicek I've started modifying the guide but @gsmet has removed the backport label. Guillaume, should we not go ahead with this backport ? I was trying to say in the guide that this property name can lead to the unexpected verification results, the name is very misleading

[Ladicek]

Not backporting is probably reasonable; in that case, it will have to be in the 1.5 migration guide.

[sberyozkin]

OK, will get it to the 1.5 guide unless @stuartwdouglas or @pedroigor will prefer otherwise. Thanks