pub(crate) fn prune_expired_bootstrap_nonces(
entries: Vec<BootstrapNonceEntry>,
signed_at: DateTime<Utc>,
) -> Vec<BootstrapNonceEntry>Expand description
Strip entries with expires_at < signed_at. Run at sign time so the
signed artifact only contains the operational set; fleet.nix can keep
historical entries as an audit log.