Change default value for `timed_spam_max` to `null`

[ThomasLandauer]

If the session has expired, validation always fails, right? See https://github.com/isometriks/IsometriksSpamBundle/blob/master/Form/Extension/Spam/Provider/SessionTimedSpamProvider.php#L35

So I would set the default for timed_spam_max to null, so that the user's default session timeout setting (i.e. session.gc_maxlifetime in php.ini) kicks in. Otherwise, people keeping the default, will have 2 different timeout settings in place.