Further fixes to protection expiry:
* Use RFC 2822-style date/time format instead of localized formatting for
the expiry time in the protection form; while ugly, it actually works;
a localized time is usually lossy (changing the time on submit) and
more significantly will fail for any UI language that's not english!
* Rearrange some of the form display logic to handle error conditions
a little more gracefully; invalid expiry format caused the form to
be displayed twice.
* Should be nicer on session token expiration as well, showing the
form instead of just an exception message.