Add expiration field to JWT
egeldenhuys commented
See RFC 7519
Field name: exp
Data: Unix time when the token expires
I can't find any sources recommending the lifetime, so let's use an arbitrary value of 1 hour.
If this causes inconvenience we can extend the lifetime and introduce 2FA for privileged operations.
JWT Schema
{
  "username": "fred",
  "iat": 1516239022,
  "exp": 1516240000
}
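A sketch of the change proposed in this issue, as an added example that is not the project's own code: a token is issued with `exp` set one hour after `iat`, and verification rejects tokens that are forged, lack `exp`, or are presented at or after `exp` (RFC 7519 says a token must not be accepted on or after that time). The HS256 algorithm, the key, and the function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

TOKEN_LIFETIME = 3600              # 1 hour, the lifetime proposed in the issue
SECRET = b"constructed-demo-key"   # constructed placeholder key, example only


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username, now=None, key=SECRET):
    """Build an HS256 JWT carrying username, iat and exp = iat + lifetime."""
    iat = int(time.time() if now is None else now)
    claims = {"username": username, "iat": iat, "exp": iat + TOKEN_LIFETIME}
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token, now=None, key=SECRET):
    """Return the claims; raise ValueError if malformed, forged or expired."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Check the signature before trusting anything inside the token.
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    header, claims = json.loads(b64url_decode(head_b64)), json.loads(b64url_decode(body_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    exp = claims.get("exp")
    # exp is mandatory here: a token without it would never expire.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("missing or non-numeric exp")
    if (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return claims
```

Passing `now` explicitly makes the expiry boundary testable without waiting an hour; production callers would omit it.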