Consider making offers expire

[MonsieurNicolas]

One of the things we learned with the protocol 10 rollout with changes like CAP0-0003 is that it's becoming increasingly hard to not break certain client business logic that rely on undocumented (something we can improve on for sure) or undefined behavior.

One aspect in particular is on how the order book functions: while the order book can "at any time" cancel or modify outstanding order, the issue is that those events happen so rarely that people may not realize that this is the case.

A simple way to turn the "improbable" into "certainty" (therefore hardening client code), would be to simply move semantics that are closer to how other markets work: force long lasting orders to be recreated at a regular time.

A couple possible approaches to start the discussion.

The purge

There could be a recurrent "purge" of the order book that deletes X% of the orders every T ledgers (both of these would be network parameters).
This approach seems to be close to what we want: non deterministic (due to the random nature) deletion of orders, which forces clients to not rely on any particular behavior of how the order book state is managed.

By having many ledgers between purge events, the "pseudo randomness" that comes with simple things like "ledger hash" is quite strong.

Deterministic expiration

We could also add an expiration time as a network parameter, we would pick something like a week or two as a starting point and offers would just automatically get deleted when they reach their expected life time.

The issue with that approach is that it only partially solves the problem: what if we want in a future upgrade or a future version of the protocol to delete certain offers? If client code relies on certain timing, it won't work.

A nice thing about this solution is that it's basically how standard order books work (be it "good for day" or "good until cancelled" that really means 30 or 60 days for most brokerage firms).