Cammille mentioned that logging out doesn't fully log you out, as the authentik page will still remember your user and ask if you'd like to continue/log in as somebody else, and that it may be better to fully log out of authentik/the OAuth source as well. On my side that was an intentional choice since it's the 'normal' way to handle SSO, but we have the not very normal use case of shared computers.
Right now in the hutch people just leave their accounts logged in all the time and anybody who wants to uses it... so it's probably not a big deal if damnit web behaves the same; it could also be that people would be annoyed if it does things in a more secure way and asks you to authenticate often.
My suggestion is having an option like "This is a private computer" which is unchecked by default. When unchecked, the logout will perform a full logout and revoke the token for the application/OAuth provider to force a login there too, and maybe also lower the token validity time to something on the order of hours instead of days (maybe 8 hours, since that's how long a shift is?).
But if "This is a private computer" is checked then it would retain the same behaviour as now where the tokens are valid for a long time and logging out only clears it from the browser instead of doing a full revocation.
At least with this, especially if it's by default unchecked, we're keeping things reasonably secure while still allowing people to not have to log in frequently when using damnit web from their own devices.
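As an added example (not code from the damnit project or the issue author), here is one way the "This is a private computer" option could drive both the logout path and the token lifetime. The provider endpoints, client id, token strings and lifetimes (8 hours shared, 30 days private) are assumptions chosen for illustration; the HTTP transport is injected so the code runs offline. The shared-computer branch follows RFC 7009 token revocation (revoking the refresh token before the access token, since the refresh token could mint new access tokens) and then redirects the browser to the provider's OIDC RP-initiated logout endpoint so the provider forgets the user as well; the private-computer branch only clears the local browser session, matching the current behaviour.

```python
"""Logout handling keyed on a "This is a private computer" checkbox (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlencode

# Assumed lifetimes: one 8 h shift on a shared hutch machine, 30 days on a private device.
SHARED_LIFETIME = timedelta(hours=8)
PRIVATE_LIFETIME = timedelta(days=30)


@dataclass
class Session:
    user: str
    access_token: str
    refresh_token: str
    id_token: str
    private_computer: bool
    issued_at: datetime


def session_expiry(session: Session) -> datetime:
    """Token validity depends on the checkbox rather than on one global setting."""
    lifetime = PRIVATE_LIFETIME if session.private_computer else SHARED_LIFETIME
    return session.issued_at + lifetime


def session_valid(session: Session, now: datetime) -> bool:
    return now < session_expiry(session)


def hours_after(session: Session, hours: float) -> datetime:
    """Helper for checks: a point in time relative to when the session was issued."""
    return session.issued_at + timedelta(hours=hours)


# Transport abstraction: a deployment would POST with an HTTP client; tests inject a fake.
PostFn = Callable[[str, Dict[str, str]], int]


class RecordingTransport:
    """Constructed stand-in for HTTP POST: records calls and always reports success."""

    def __init__(self) -> None:
        self.calls: List[Tuple[str, Dict[str, str]]] = []

    def __call__(self, url: str, data: Dict[str, str]) -> int:
        self.calls.append((url, data))
        return 200


@dataclass
class OAuthProvider:
    """Endpoints of the OAuth/OIDC provider (authentik in the issue); URLs are assumptions."""
    client_id: str
    revocation_endpoint: str
    end_session_endpoint: str
    post: PostFn

    def revoke(self, token: str, hint: str) -> bool:
        # RFC 7009: form-encoded `token` with an optional `token_type_hint`.
        status = self.post(self.revocation_endpoint,
                           {"token": token, "token_type_hint": hint, "client_id": self.client_id})
        return status == 200

    def end_session_url(self, id_token: str, return_to: str) -> str:
        # OIDC RP-initiated logout: id_token_hint plus post_logout_redirect_uri.
        query = urlencode({"id_token_hint": id_token,
                           "post_logout_redirect_uri": return_to,
                           "client_id": self.client_id})
        return f"{self.end_session_endpoint}?{query}"


@dataclass
class LogoutResult:
    local_session_cleared: bool
    revoked: List[str] = field(default_factory=list)
    redirect_to: Optional[str] = None


def logout(session: Session, provider: OAuthProvider, return_to: str) -> LogoutResult:
    result = LogoutResult(local_session_cleared=True)
    if session.private_computer:
        # Private device: ordinary SSO behaviour, only the browser session is dropped.
        return result
    # Shared computer: refresh token first (it can mint new access tokens), then access token.
    for token, hint in ((session.refresh_token, "refresh_token"),
                        (session.access_token, "access_token")):
        if provider.revoke(token, hint):
            result.revoked.append(hint)
    # Then send the browser to the provider's logout so authentik forgets the user too.
    result.redirect_to = provider.end_session_url(session.id_token, return_to)
    return result


def make_session(user: str, private_computer: bool) -> Session:
    """Constructed sample session with placeholder tokens."""
    issued = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
    return Session(user, f"at-{user}", f"rt-{user}", f"id-{user}", private_computer, issued)


def demo_provider(transport: Optional[PostFn] = None) -> OAuthProvider:
    """Assumed endpoint layout; replace with the real provider's discovery document values."""
    return OAuthProvider(client_id="damnit-web",
                         revocation_endpoint="https://sso.example/application/o/revoke/",
                         end_session_endpoint="https://sso.example/application/o/damnit-web/end-session/",
                         post=transport or RecordingTransport())


if __name__ == "__main__":
    transport = RecordingTransport()
    provider = demo_provider(transport)
    print(logout(make_session("alice", private_computer=False), provider, "https://damnit.example/"))
    print(logout(make_session("bob", private_computer=True), provider, "https://damnit.example/"))
    print("revocation calls:", len(transport.calls))
```

The checkbox value has to be stored server-side with the session (not read from the browser at logout time), otherwise a shared machine could be flipped to "private" after the fact; the shorter lifetime for the unchecked case also limits how long an abandoned hutch login stays usable even if nobody presses logout.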