NeilMadden/apisecurityinaction

Bug in handling of non-expiring capability tokens

Closed this issue · 1 comments

The CapabilityController currently uses Instant.MAX to create non-expiring timestamps. However, due to a bug in the JDK this will actually be converted to a timestamp in the past and the tokens will still be deleted if stored in the DatabaseTokenStore.

The code should be updated to either use something like Instant.now().plus(1000, YEARS) or else to provide a manual conversion from instants to timestamps (the bug recommends using new Timestamp(token.expiry.toEpochMilli())).

Changed to arbitrary expiry of Epoch + 10,000 years. I am going to revise chapter 9 to use shorter-expiry tokens in a future update so this problem will disappear.
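As an added example (not code from the book or the repository; class and method names are my own), the following Java program contrasts what happens to an `Instant.MAX` expiry at the `java.sql.Timestamp` boundary with the bounded Epoch + 10,000 years expiry adopted in the fix, and adds the round-trip check a token store should make before persisting an expiry.

```java
import java.sql.Timestamp;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;

public class ExpiryConversion {

    // The expiry adopted in the issue: Epoch + 10,000 years. Far beyond any
    // realistic token lifetime, but well inside the range a Timestamp can hold.
    static final Instant NON_EXPIRING =
            Instant.EPOCH.atOffset(ZoneOffset.UTC).plusYears(10_000).toInstant();

    // Convert an expiry to a Timestamp for the database, refusing to return a
    // value that no longer represents the requested instant. toEpochMilli()
    // throws ArithmeticException for instants that do not fit in a long of
    // milliseconds, so Instant.MAX fails loudly here instead of being stored
    // as a token that is already "expired".
    static Timestamp toTimestamp(Instant expiry) {
        Timestamp ts = new Timestamp(expiry.toEpochMilli());
        if (!ts.toInstant().equals(expiry.truncatedTo(ChronoUnit.MILLIS))) {
            throw new IllegalStateException("expiry changed in conversion: " + expiry + " -> " + ts);
        }
        return ts;
    }

    // The store's purge rule: a token is deleted once its stored expiry lies in
    // the past. A timestamp that silently wrapped satisfies this immediately.
    static boolean wouldBeDeleted(Timestamp storedExpiry, Instant now) {
        return storedExpiry.toInstant().isBefore(now);
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        // Unsafe path: on affected JDKs Timestamp.from(Instant.MAX) overflows in
        // its seconds-to-millis arithmetic; whether it wraps or throws is shown.
        try {
            Timestamp fromMax = Timestamp.from(Instant.MAX);
            System.out.println("Instant.MAX -> " + fromMax
                    + ", deleted on next purge: " + wouldBeDeleted(fromMax, now));
        } catch (RuntimeException e) {
            System.out.println("Instant.MAX conversion rejected: " + e);
        }

        // Safe path: the bounded expiry survives the round trip and is kept.
        Timestamp safe = toTimestamp(NON_EXPIRING);
        System.out.println(NON_EXPIRING + " -> " + safe
                + ", deleted on next purge: " + wouldBeDeleted(safe, now));
    }
}
```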