Automatic certificate creation?
Solution 1:
Yes, you can use command line tools to issue your own self-signed certificates. These need not be limited to one year.
There is no difference between Keychain Access created certificates and those you create using command line tools.
openssl
With openssl
you can create certificates of any duration. The question and answers for how to create a self-signed certificate with OpenSSL will get you started. The command is effectively:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 730
The command above will result in a two year self-signed certificate.
Automatic versus Manual
Regarding safety, there is no difference in safety between certificates created by Keychain Access's graphical interface and those by command line tools.
The safety of self-signed certificates can be an issue. Self-signed certificates are not signed by a trusted third party. This third party signature typically only matters when the certificate is being used outside of your immediate environment – which it is not for this situation.
Ad-Hoc
You can also ad-hoc codesign an application without a certificate:
sudo codesign -f -s - /Applications/Xcode.app