This patch implements the following PCI-DSS requirements:
* PCI-DSS 8.2.4: Change user passwords/passphrases at least once every
90 days.
Once a user's password is expired, they will not be able to authenticate
and be required to reset their password. This patch adds a new
password_expires_at attribute to the user response.
Depends-On: I07c10de627898d6ac79578dc24292ded4a2190f1
Partially-implements: blueprint pci-dss
Change-Id: If8979dbfc202bc354b1537a5962143bb7b3be28e