Backport of Mark expired Vault token as expired when Vault is unreachable into release/0.21.x

[bosorawis]

Description

Manual backport PR to release 0.21.x

Vault credential stores have an internal job that periodically renews Vault tokens. If the renewal call returns a 403 error, the system assumes the token is no longer valid and marks it as expired.

When Vault is unreachable, the system logs an error and continues trying to renew the token past its expiration time since Vault never returns a 403 error. This change checks if the token has already expired; if so, it will mark the token as expired even when communication with Vault returns an error.

PCI review checklist

• I have documented a clear reason for, and description of, the change I am making.
• If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
• If applicable, I've documented the impact of any changes to security controls.
  Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.