current customer would like to see time-bound customer roles for security reviews, incident response - similar to the Just-In-Time access implemented by GCP:http://cloud.google.com/iam/docs/temporary-elevated-access

user story:

As a platform administrator, I want to grant temporary elevated roles (Owner, User Admin, Template Admin, Auditor), so that access is time-bound, auditable, and automatically revoked after a defined period (e.g., 24–48 hours).

Acceptance Criteria:

• Given a user requests elevated access, when approved, then the role is granted for a configurable time window (e.g., 24h, 48h).
• When the time window expires, then the elevated role is automatically revoked.
• Only users with valid business justification can request elevated access.
• All access grants and revocations are logged for audit purposes.
• Only certain group of users is entitled to request elevated access.