Auth: "keep me connected" when register/login

[endel]

Maybe we should allow to configure the duration of auth token when registering / logging in.

[lucasdupin]

Why not in security.yaml?
We could set expiration by token type:

• mobile - never
• web - 2 weeks
• etc

And it wouldn't be exposed/exploitable from front-end!