authz: clean up rows that have broken `auth_data` in `user_external_accounts`
Created by: unknwon
We're experiencing the error `fetch user permissions: ... 401 Bad Credentials` on Sourcegraph Cloud for many users on GitHub.com. My hunch is that those users once authorized the Sourcegraph GitHub app for sign-in and later revoked it (needs a local reproduction to verify my hypothesis).
Historically, we never cleaned up broken OAuth credentials.
The problem only appears now because:
- Repository permissions were never enforced on Sourcegraph Cloud as we only host public repositories.
- People can now add external services freely with private repos. Someone did, and that made Sourcegraph Cloud start enforcing repository permissions.
- Context: https://sourcegraph.slack.com/archives/C0J618TTM/p1602809501024200
- Related: https://github.com/sourcegraph/sourcegraph/issues/14884
For the solution, the repo-updater's PermsSyncer seems like a good fit at first thought, but I feel it is too coupled with repository permissions syncing: broken OAuth credentials should be cleaned up in an independent routine, as repository permissions syncing won't be the only consumer of it (e.g. campaigns might use it at some point).
TODO
- Add `expired_at` and `last_valid_at` columns to the `user_external_accounts` table. #15789
- PermsSyncer should take `expired_at` into consideration when reading, and mutate these columns when the OAuth token is still valid or expired. #16067
- Have a background routine to periodically check OAuth tokens.
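One way the three TODO items could fit together, as an added Go sketch that is not Sourcegraph's code: the `ExternalAccount` struct, `fakeGitHub` stand-in, and the column semantics (zero `expired_at` means usable, transient errors change nothing) are assumptions, not the project's design.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrBadCredentials models the "401 Bad Credentials" response from the issue.
var ErrBadCredentials = errors.New("401 Bad Credentials")

// ExternalAccount is a hypothetical stand-in for a user_external_accounts row
// with the two proposed columns; a zero ExpiredAt means "not known to be expired".
type ExternalAccount struct {
	AuthData               string // OAuth token (constructed sample value)
	ExpiredAt, LastValidAt time.Time
}

// Usable is the read-side check PermsSyncer would apply: rows with expired_at set are skipped.
func (a *ExternalAccount) Usable() bool { return a.ExpiredAt.IsZero() }

// fakeGitHub stands in for the GitHub API so the example runs offline:
// "revoked" tokens get 401, "flaky" a transient 502, anything else is valid.
func fakeGitHub(token string) error {
	return map[string]error{"revoked": ErrBadCredentials, "flaky": errors.New("502 Bad Gateway")}[token]
}

// CheckAccounts is the periodic background routine. It mutates expired_at and
// last_valid_at but never deletes rows, so a re-authorized token recovers on the
// next pass; any error other than bad credentials is transient and changes nothing.
func CheckAccounts(accounts []*ExternalAccount, check func(string) error, now time.Time) {
	for _, a := range accounts {
		switch err := check(a.AuthData); {
		case err == nil:
			a.LastValidAt, a.ExpiredAt = now, time.Time{}
		case errors.Is(err, ErrBadCredentials) && a.ExpiredAt.IsZero():
			a.ExpiredAt = now // record when the revocation was first seen
		}
	}
}

func main() {
	accts := []*ExternalAccount{{AuthData: "good"}, {AuthData: "revoked"}, {AuthData: "flaky"}}
	CheckAccounts(accts, fakeGitHub, time.Now())
	for _, a := range accts {
		fmt.Println(a.AuthData, "usable:", a.Usable())
	}
}
```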