Consider a scenario where you need to implement resource tokens for securing access to data in Azure Cosmos DB from Azure Databricks. How would you configure these tokens to ensure they are secure, including considerations for token permissions and expiration?