Support expiration of metadata by package archives

Expiring package metadata is intended to limit the effectiveness of a
replay attack, and is used by the APT package manager, among others.
Here, the onus is on the package archives to implement a secure and
reasonable policy.  (Debian uses 7 days before metadata expires.)

* lisp/emacs-lisp/package.el (package--parse-header-from-buffer):
Break out new defun from...
(package--parse-timestamp-from-buffer): ...here.
(package--parse-valid-until-from-buffer)
(package--archive-contents-not-expired): New defuns.
(package--check-archive-timestamp): Test for a "Valid-Until" header in
the archive-contents file and signal an error if it's too old.

* test/lisp/emacs-lisp/package-tests.el
(package--parse-valid-until-from-buffer)
(package-test-check-archive-timestamp/not-expired)
(package-test-check-archive-timestamp/expired): New tests for the
above.
1 job for scratch/package-security in 105 minutes and 9 seconds (queued for 12 seconds)
Status Job ID Name Coverage
  Test
passed #7564
test-all

01:45:09