Only trusted agents can lease machines now (chromium-swarm and chromium-swarm-dev servers). Is it still necessary to have an upper bound? If the Swarming server is misbehaving and leasing for too long, then we've probably got bigger problems.

I agree it's less of an issue now, but I think it's still valuable to put protections at every level.

The following revision refers to this bug:
  https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/c85f474a910c5bc1185fc404dc570cad18ab0ee0

commit c85f474a910c5bc1185fc404dc570cad18ab0ee0
Author: smut <smut@google.com>
Date: Fri Feb 24 23:19:00 2017

Enforce two-day limit on lease requests

BUG= 692407 

Review-Url: https://codereview.chromium.org/2716783002

[modify] https://crrev.com/c85f474a910c5bc1185fc404dc570cad18ab0ee0/appengine/components/components/machine_provider/rpc_messages.py
[modify] https://crrev.com/c85f474a910c5bc1185fc404dc570cad18ab0ee0/appengine/machine_provider/handlers_endpoints.py
[modify] https://crrev.com/c85f474a910c5bc1185fc404dc570cad18ab0ee0/appengine/machine_provider/handlers_endpoints_test.py