You are designing a data pipeline in Azure Databricks that involves processing sensitive data. How would you implement resource tokens to secure access to data stored in Azure Cosmos DB, and what considerations would you need to make regarding token expiration and permissions?