Rework expiring passwords report

[michaelk83]

Collecting discussion from #7787 , #7686 , #4167 , #7467 .

Summary

Rework the expiring passwords report ( #7290 ) to be less obtrusive etc:

• [x] Extend the existing is:expired search with an optional -## suffix to indicate days until expiry. E.g. is:expired-3 to include passwords that will expire within the next 3 days.
• [ ] Rename the Expired tag to Expiring, defined as is:expired-N, N taken from the report settings (when the setting is changed, it updates the tag).
• [ ] Instead of showing the full report on startup, show only a banner: You have passwords about to expire. [Show me]. "Show me" link opens the Expiring tag.
• [ ] Change settings from the current On database unlock, show entries that ... to:
  • [✓] Remind of expired passwords every [3 days |±] - Controls how often the banner is shown ( #4167 ), and whether it's shown at all. Maybe not needed, but I'm pretty sure someone will ask for it.
  • [✓] Include passwords that will expire within [3 days |±] - Controls the Expiring tag behavior.
• [ ] Make sure #7467 is fixed (should be covered by the is:expired-## change).

Context

The current expired passwords report is shown on every database unlock, which is too obtrusive and confusing. Users do not expect it (e.g. #7686 ). The current settings are difficult to translate ( #7787 ).