Replacement token lifetime extension warning

[tulshi]

As per the discussion in IETF 124:
As mentioned in issue #272 , the replacement flow should be moved to the security considerations section. The lifetime of the replaced tokens may exceed the lifetime of the original token, there should be text in the security considerations section that warns about the effects of doing this.

[naveencm4u1]

I agree with this approach. After the internal review, we decided not to extend the expiry of the replacement token, as doing so could lead to potential misuse through repeated extension requests.

[tulshi]

@naveencm4u1 , thanks for your insight.