authz: Introduce hard TTL in Bitbucket Server provider
Created by: tsenart
This commit is the second chapter in #4812 (closed). It introduces the concept of a hard TTL, which defines a duration after which a user's cached permissions MUST be updated before any user action can be authorized.
This contrasts with the existing TTL setting which defines a duration after which a user's cached permissions get updated in the background, but the previously cached (and now stale) permissions can be used to authorized user actions.
Test plan: go test