Make Override Session Expiry optionally configurable

• /oidc_auth/backends.py
• /README.md

Keep current functionality, but allow integer values to be set for override_default_expiry for edge cases.

I've added warnings for best practices in the README.

Reasoning:

• It is currently difficult to test app behavior when sessions time out (eg. by setting a shorter-than-token expiry time)
• Bad practice to hard-code upper limits with no way to configure them

Ryan: please review (I'm not sure what the difference is between "assignee" and "reviewer" here

also testing to see if I can ping via comments @rgoggin