Fix bug around Github token expiration

Even after increasing the grace time for Github app installation tokens
to 5min we were still seeing exceptions related to expired app tokens.

Upon furhter investigation it turned out that the current grace time had
no effect at all since we passed the *adjusted* expiry time to the
Github client, which takes it at face value and raises an exception if
the expiry time is exceeded.

To fix this we'll store the original expiry time in the token cache and
pass that directly to the Github cliendt. We then adjust the cutoff time
by the 5min grace time when checking if a token should still be
considered valid.

Change-Id: I56f51df1d57e4dd7f1f85eba4af28c2a7318ddd1

zuul/driver/github/githubconnection.py

@@ -1119,11 +1119,13 @@ class GithubClientManager:
                            project_name)
             return ''
 
-        now = datetime.datetime.now(utc)
+        # Consider tokens outdated 5min before the actual expiry time
+        cutoff_time = datetime.datetime.now(utc) + datetime.timedelta(
+            minutes=5)
         token, expiry = self.installation_token_cache.get(installation_id,
                                                           (None, None))
 
-        if ((not expiry) or (not token) or (now >= expiry)):
+        if ((not expiry) or (not token) or (expiry < cutoff_time)):
             headers = self._get_app_auth_headers()
 
             url = "%s/app/installations/%s/access_tokens" % (
@@ -1136,7 +1138,6 @@ class GithubClientManager:
             data = response.json()
 
             expiry = iso8601.parse_date(data['expires_at'])
-            expiry -= datetime.timedelta(minutes=5)
             token = data['token']
 
             self.installation_token_cache[installation_id] = (token, expiry)