pass phrase in session to last maximum exactly 4 hours

[tomholub]

If existing sessionStorage can be configured to have expiry, set it to auto-wipe 4 hours from storing.

If above is not possible, need our own mechanism that keeps pass phrase in memory, in one class instance in background page where each pass phrase expires in exactly 4 hours from entry - and this should be used instead of the browser session mechanism.

part of #2125