Ensure minimum token lifetime

[kontaxis]

If FLATNOTES_SESSION_EXPIRY_DAYS is set to 0 or a negative integer authentication stops working because issued tokens are immediately invalid since their expiration date is already in the past. Not sure why anyone would use such values but it's generally a good idea to be defensive about user input.

This change adds sanity checks to ensure tokens are valid for at least 30 seconds which should be long enough to complete an authenticated API request.