You can modify the JWT lifetime to be quite a bit shorter yes: https://strapi.io/documentation/v3.x/plugins/users-permissions.html#jwt-configuration
As to your global question, I do not see a good way to secure the “public” role in the way you are expecting. 