In webhook auth mode, if a websocket connection is established with a token and if the token expires at a later time, the connection will still continue to work as graphql-engine doesn't know that the token has expired.

We already handle token expiry in JWT mode (by forcefully closing the websocket connection after the time specified with exp), so we just need to provide a means to specify expiry time in webhook mode. The Expiry/Cache-Control HTTP headers seem to be a good fit, we already handle expiry of JWKs with these headers, so should be straightforward to use it for webhook auth too.