Description
Is your feature request related to a problem? Please describe.
User sessions will persist until the Stig-Manager tab is closed, i.e. it is possible that a user can remain logged in to Stig-Manager until the max session time allowed by the IDP is reached.
Describe the solution you'd like
In order to address V-222389 of the ASD STIG, I propose that Stig-Manager enforces an idle timeout after a period of inactivity. It would be great if enforcement of this timeout and the length of the timeout were configurable with envars.
As long as a user stays active with an open tab of Stig-Manager the access token should be refreshed. If the user has not interacted with a Stig-Manager tab within the idle-timeout, then the access token should not be refreshed.
Describe alternatives you've considered
Alternatives include revoking an access token with the /revocation endpoint on identity providers.
Additional context
n/a
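A sketch of the idle-gated refresh decision requested above, added here as an illustration and not taken from the Stig-Manager code base. The class, function and option names are hypothetical, and the idle limit is assumed to reach the client from a server-side environment variable.

```javascript
// Added example; every name here is hypothetical, not Stig-Manager code.
class IdleSessionGate {
  // idleTimeoutMs: deployment-configured idle limit (assumed to come from a
  // server-side environment variable). now: injectable clock for testing.
  constructor({ idleTimeoutMs, onIdleExpired = () => {}, now = () => Date.now() }) {
    this.idleTimeoutMs = idleTimeoutMs;
    this.onIdleExpired = onIdleExpired;
    this.now = now;
    this.lastActivity = now();
    this.expired = false;
  }

  // Call from user-input handlers. Ignored once the session has idled out,
  // so later input cannot revive an expired session.
  recordActivity() {
    if (!this.expired) this.lastActivity = this.now();
  }

  // Call when the access token is close to expiry.
  // Returns 'refresh' if the user was active within the idle window,
  // otherwise 'logout' (and fires onIdleExpired exactly once).
  nextAction() {
    if (!this.expired && this.now() - this.lastActivity >= this.idleTimeoutMs) {
      this.expired = true;
      this.onIdleExpired(); // e.g. discard tokens and redirect to sign-in
    }
    return this.expired ? 'logout' : 'refresh';
  }
}

// Browser wiring: count only real user input as activity, not background
// polling or timers, which would otherwise keep the session alive indefinitely.
function attachActivityListeners(gate, target) {
  for (const type of ['mousedown', 'keydown', 'touchstart', 'wheel']) {
    target.addEventListener(type, () => gate.recordActivity(), { passive: true });
  }
}
```

The gate only decides whether the client asks for a new token; an access token that was already issued stays valid until its own expiry unless it is also revoked at the identity provider.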