
oauth2: make CSRF and code verifier token expiration configurable

Open ggmoy opened this issue 5 months ago • 3 comments

Commit Message: oauth2: make CSRF and code verifier token expiration configurable

Additional Description: Currently, the OAuth2 filter hardcodes the expiration of the CSRF and code verifier tokens to 600s (10 minutes). This limits flexibility for use cases where:

  • Users need shorter expiration (e.g., high-security scenarios).
  • Users need longer expiration (e.g., backward-compatibility).

This PR makes both tokens configurable, adding default_csrf_token_expires_in and default_code_verifier_token_expires_in fields to the OAuth2 filter configuration. Both default to 600s (10 minutes) if not specified, keeping backward compatibility.

Risk Level: Low
Testing: Added tests for cases where the user sets the values of the new fields in the configuration. The default values are already tested in almost all the tests.
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

ggmoy avatar Jun 12 '25 21:06 ggmoy

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/). envoyproxy/api-shepherds assignee is @wbpcode CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

:cat:

Caused by: https://github.com/envoyproxy/envoy/pull/39877 was opened by ggmoy.


@ggmoy please fix DCO: https://github.com/envoyproxy/envoy/pull/39877/checks?check_run_id=44079109324

/wait

yanavlasov avatar Jun 18 '25 00:06 yanavlasov

Done!

ggmoy avatar Jun 18 '25 13:06 ggmoy