
Expired risk acceptances are not re-instantiated when expiration date is updated via API #14119

@twwd

Description

Bug description
When we update the expiration date of an already expired risk acceptance, the pure value is updated but the state of the linked findings is not changed.

Steps to reproduce
Steps to reproduce the behavior:

  1. Create a risk acceptance for an active finding with the expiration date set to tomorrow.
  2. Wait until it is expired (or click Expire now in the DefectDojo web UI).
  3. Get the ID of this risk acceptance.
  4. Send a PATCH request via the API to this risk acceptance with expiration_date set to a date in the future. The PATCH request must include the existing accepted_findings list (see Additional context).
  5. The linked findings are still active.

Expected behavior

The linked findings should be set to Inactive and Risk accepted. The Expiration handled on the risk acceptance should be reset (expiration_date_warned and expiration_date_handled).

Environment information

  • DefectDojo version: v2.54.0 (e85bbd242)

Additional context
Another unexpected behavior of the risk acceptance API is that we must send the accepted_findings for PATCH requests again. If we omit the key in the PATCH request, the accepted findings list is set to empty.
Also, we can set expiration_date_handled via the PATCH request although the OpenAPI description states that this field is read-only.
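The following Python helpers are an added example (not DefectDojo code and not part of this issue) covering both the reproduction steps above and the accepted_findings caveat: they build a PATCH body that always echoes the existing accepted_findings list, prepare the request without sending it, and verify afterwards that the linked findings and the expiration flags were actually reset instead of trusting a 200 response. The endpoint paths `/api/v2/risk_acceptance/{id}/`, the `Token` auth header, the finding fields `active` and `risk_accepted`, the base URL and the sample JSON are assumptions and constructed data, not taken from the issue.

```python
"""Workaround and verification helpers for the risk-acceptance PATCH behaviour
described in this issue. Added example, not DefectDojo's own code.

Assumptions (not from the issue text): the endpoint /api/v2/risk_acceptance/{id}/,
a `Token` Authorization header, and finding JSON carrying boolean `active` and
`risk_accepted` fields. All sample data below is constructed.
"""
import json
import urllib.request
from datetime import date, timedelta

BASE_URL = "https://defectdojo.example.invalid"   # placeholder, constructed
API_TOKEN = "REPLACE_WITH_API_TOKEN"              # placeholder


def build_patch_payload(risk_acceptance: dict, new_expiration: date) -> dict:
    """Build the PATCH body for an expired risk acceptance.

    The issue reports that omitting `accepted_findings` empties the list, so the
    existing list is always echoed back alongside the new expiration date.
    """
    return {
        "expiration_date": new_expiration.isoformat(),
        "accepted_findings": list(risk_acceptance.get("accepted_findings", [])),
    }


def build_patch_request(ra_id: int, payload: dict) -> urllib.request.Request:
    """Prepare (but do not send) the PATCH request so it can be inspected."""
    return urllib.request.Request(
        f"{BASE_URL}/api/v2/risk_acceptance/{ra_id}/",
        data=json.dumps(payload).encode(),
        method="PATCH",
        headers={
            "Authorization": f"Token {API_TOKEN}",
            "Content-Type": "application/json",
        },
    )


def stale_findings(findings: list) -> list:
    """IDs of linked findings that were not moved to Inactive / Risk accepted.

    This is the symptom the issue describes: after the expiration date is
    extended via the API the findings stay active, so the caller must verify.
    """
    return [f["id"] for f in findings if f.get("active") or not f.get("risk_accepted")]


def expiration_flags_reset(risk_acceptance: dict) -> bool:
    """True when expiration_date_warned and expiration_date_handled were reset."""
    return (not risk_acceptance.get("expiration_date_warned")
            and not risk_acceptance.get("expiration_date_handled"))


def verify_reinstatement(risk_acceptance: dict, findings: list) -> dict:
    """Summarise whether the risk acceptance was really re-instated."""
    stale = stale_findings(findings)
    flags_ok = expiration_flags_reset(risk_acceptance)
    return {"flags_reset": flags_ok, "stale_findings": stale, "ok": flags_ok and not stale}


# Constructed sample: an expired risk acceptance and its two linked findings,
# as the API would (per the issue) still return them after the PATCH.
SAMPLE_RA_EXPIRED = {
    "id": 42,
    "expiration_date": "2024-01-01",
    "expiration_date_warned": True,
    "expiration_date_handled": True,
    "accepted_findings": [101, 102],
}
SAMPLE_RA_AFTER_PATCH = dict(SAMPLE_RA_EXPIRED, expiration_date="2099-12-31")
SAMPLE_FINDINGS_AFTER_PATCH = [
    {"id": 101, "active": True, "risk_accepted": False},
    {"id": 102, "active": True, "risk_accepted": False},
]

if __name__ == "__main__":
    payload = build_patch_payload(SAMPLE_RA_EXPIRED, date.today() + timedelta(days=30))
    req = build_patch_request(SAMPLE_RA_EXPIRED["id"], payload)
    print(req.get_method(), req.full_url, req.data.decode())
    # A real client would urllib.request.urlopen(req), then GET the RA and each
    # finding in accepted_findings and feed the JSON to verify_reinstatement().
    print(verify_reinstatement(SAMPLE_RA_AFTER_PATCH, SAMPLE_FINDINGS_AFTER_PATCH))
```

On the constructed sample the verification reports `ok: False` with both finding IDs listed as stale, which is exactly the state this issue describes; a caller that reconciles the findings itself (or re-saves the risk acceptance through the UI) can key off that result rather than assuming the PATCH re-instated the acceptance.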
