Description
Right now GCM Core always returns any stored credentials for a request without any validation.
We cannot ever 100% validate that a credential is "good" for the particular Git command/request because the remote Git server can reject the credentials based on the content of the pack during a push, for example.
We can however validate if a stored a credential is expired or not, such as a PAT or OAuth JWT token that have expiration dates.
To do this we need to extend the credential store API and platform implementations to support reading/writing expiry metadata.
In the event the metadata is missing or the credentials have no expiry we should optimistically return them - assume they are good. This would mean we only reject definitely bad credentials (expired) and avoid false negatives.