Expand on definition of expires_in

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-3.2.3

> If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.

Replace the last sentence explaining that an access token might expire ahead of the scheduled expiration here