openid-connect-generic
Feature proposal: setting and/or filter to limit refresh token lifetime
I'd like to be able to set a long timeout for refresh tokens on my Keycloak instance, but have some of my sites use a shorter idle timeout (notably, ones that control more sensitive data).
Since we now track a `refresh_expires` value, there could be a setting and/or filter to put a cap on the validity duration, and the session would be timed out automatically.
I'd be happy to write a PR for this, implemented as an admin setting. Any thoughts?