sessions: use client-relative session expiration

This commit replaces the server-time based expires attribute with max_age, which is a timedelta relative to the client.

This fixes an issue in the reForis guide, where initial router setup was not possible due to the device's clock being out of sync with the client's.

expires has not been removed in order to be compatible with older browsers. Max-Age has precedence over Expires: https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2.2

Fixes turris/os/packages#779 (closed)

Closes: #381 (closed)

Signed-off-by: Martin Matějek martin.matejek@nic.cz