mirror of
https://github.com/coder/coder.git
synced 2025-07-12 00:14:10 +00:00
feat: add separate max token lifetime for administrators (#18267)
# Add separate token lifetime limits for administrators

This PR introduces a new configuration option `--max-admin-token-lifetime` that allows administrators to create API tokens with longer lifetimes than regular users. By default, administrators can create tokens with a lifetime of up to 7 days (168 hours), while the existing `--max-token-lifetime` setting continues to apply to regular users.

The implementation:

- Adds a new `MaximumAdminTokenDuration` field to the session configuration
- Modifies the token validation logic to check the user's role and apply the appropriate lifetime limit
- Updates the token configuration endpoint to return the correct maximum lifetime based on the user's role
- Adds tests to verify that administrators can create tokens with longer and shorter lifetimes
- Updates documentation and help text to reflect the new option

This change allows organizations to grant administrators extended token lifetimes while maintaining tighter security controls for regular users.

Fixes #17395
11
docs/reference/cli/server.md
generated
@ -910,6 +910,17 @@ Periodically check for new releases of Coder and inform the owner. The check is
|
||||
|
||||
The maximum lifetime duration users can specify when creating an API token.
|
||||
|
||||
### --max-admin-token-lifetime
|
||||
|
||||
| | |
|
||||
|-------------|----------------------------------------------------|
|
||||
| Type | <code>duration</code> |
|
||||
| Environment | <code>$CODER_MAX_ADMIN_TOKEN_LIFETIME</code> |
|
||||
| YAML | <code>networking.http.maxAdminTokenLifetime</code> |
|
||||
| Default | <code>168h0m0s</code> |
|
||||
|
||||
The maximum lifetime duration administrators can specify when creating an API token.
|
||||
|
||||
### --default-token-lifetime
|
||||
|
||||
| | |
|
||||
|
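Review bot: The description added under `### --max-admin-token-lifetime` does not say which roles count as "administrators" or how this limit relates to `--max-token-lifetime`, whose description directly above still reads "users" without saying that administrators are now excluded from it. An operator reading only this page cannot tell whether the 168h0m0s default is a cap that applies to administrators independently, or what an administrator gets when `--max-token-lifetime` has been set to a value above or below 168h. Suggest naming the role (or roles) the check uses and stating the precedence in one sentence, and changing the `--max-token-lifetime` text to say it applies to non-administrator users. Since the file is marked as generated, the wording should be changed in the option's description at its source and the docs regenerated rather than edited here.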