Parametrize rule oauth token maxage rules

Make rules `oauth_token_maxage` and `oauthclient_token_maxage` check
the token expiry timeout based on a variable.

Default timeout is 24h, but STIG requires it to be 8h.

applications/openshift/authentication/oauth_token_maxage/rule.yml

@@ -68,6 +68,4 @@ template:
         filepath: {{{ openshift_filtered_path(default_api_path, default_jqfilter) }}}
         yamlpath: ".tokenConfig.accessTokenMaxAgeSeconds"
         check_existence: "only_one_exists"
-        values:
-          - value: ".*"
-            operation: "pattern match"
+        xccdf_variable: var_oauth_token_maxage

applications/openshift/authentication/oauthclient_token_maxage/rule.yml

@@ -63,6 +63,4 @@ template:
         check_existence_yamlpath: ".items[:].grantMethod"
         check_existence: "all_exist"
         entity_check: "all"
-        values:
-            - value: ".*"
-              operation: "pattern match"
+        xccdf_variable: var_oauth_token_maxage

applications/openshift/authentication/var_oauth_token_maxage.var

@@ -0,0 +1,16 @@
+documentation_complete: true
+
+title: 'OAuth Token Maximum Age'
+
+description: 'Enter OAuth Token Maximum Age Timeout'
+
+type: number
+
+operator: equals
+
+interactive: true
+
+options:
+    default: 86400
+    24h: 86400
+    8h: 28800

products/ocp4/profiles/stig-v1r1.profile

@@ -25,6 +25,7 @@ selections:
     - srg_ctr:all
   ### Variables
     - var_openshift_audit_profile=WriteRequestBodies
+    - var_oauth_token_maxage=8h
   ### Helper Rules
   ### This is a helper rule to fetch the required api resource for detecting OCP version
     - version_detect_in_ocp