Add the capability to filter API tokens server-side

[johnstcn]

Follow-up from coder/coder#21783:

In large deployments, the number of expired tokens could be quite large especially if many ephemeral / short-lived tokens are issued. Filtering them client-side feels inefficient and should rather be done by the database.

Originally posted by @dannykopping in coder/coder#21783 (comment)