feat(gateway): update expiry of access authoritzations on init (#9975)

Resolves: #9971

rust/connlib/tunnel/src/messages/gateway.rs

@@ -176,6 +176,8 @@ pub struct AllowAccess {
 pub struct Authorization {
     pub client_id: ClientId,
     pub resource_id: ResourceId,
+    #[serde(with = "ts_seconds")]
+    pub expires_at: DateTime<Utc>,
 }
 
 #[derive(Debug, Deserialize, Clone)]

rust/gateway/src/eventloop.rs

@@ -7,8 +7,9 @@ use firezone_bin_shared::TunDeviceManager;
 use firezone_telemetry::{Telemetry, analytics};
 
 use firezone_tunnel::messages::gateway::{
-    AccessAuthorizationExpiryUpdated, AllowAccess, ClientIceCandidates, ClientsIceCandidates,
-    ConnectionReady, EgressMessages, IngressMessages, InitGateway, RejectAccess, RequestConnection,
+    AccessAuthorizationExpiryUpdated, AllowAccess, Authorization, ClientIceCandidates,
+    ClientsIceCandidates, ConnectionReady, EgressMessages, IngressMessages, InitGateway,
+    RejectAccess, RequestConnection,
 };
 use firezone_tunnel::messages::{ConnectionAccepted, GatewayResponse, Interface, RelaysPresence};
 use firezone_tunnel::{
@@ -403,7 +404,7 @@ impl Eventloop {
                 });
                 self.tunnel
                     .state_mut()
-                    .retain_authorizations(authorizations.into_iter().fold(
+                    .retain_authorizations(authorizations.iter().fold(
                         BTreeMap::new(),
                         |mut authorizations, next| {
                             authorizations
@@ -414,6 +415,20 @@ impl Eventloop {
                             authorizations
                         },
                     ));
+                for Authorization {
+                    client_id,
+                    resource_id,
+                    expires_at,
+                } in authorizations
+                {
+                    if let Err(e) = self.tunnel.state_mut().update_access_authorization_expiry(
+                        client_id,
+                        resource_id,
+                        expires_at,
+                    ) {
+                        tracing::debug!(%client_id, %resource_id, "Failed to update access authorization: {e:#}");
+                    }
+                }
 
                 if self
                     .set_interface_tasks