UI: deleting a user or changing their password does not revoke web sessions

[mberhault]

Version: v19.2.0

Steps to reproduce:

1. start a cluster
2. create a sql user foo with a password
3. login to the admin UI as user foo
4. change foo's password through SQL
5. navigating the admin UI continues to work
6. delete user foo through SQL
7. navigating the admin UI continues to work

This is incorrect. In both "change password" and "delete user", the web sessions for the associated user should be revoked immediately, causing any use of the admin UI to redirect to the login page.

Epic: CRDB-26131

[piyush-singh]

Yikes, not sure how this was missed. Thanks Nathan. cc @dhartunian - I just repro'd this in cockroach demo in a few seconds. We should probably add this to our list for 20.1.1, and I think take some of the lower priority items of the list. This is probably worth backporting to 19.2 and 19.1 as well, where I assume it is also an issue.

[knz]

this may be a dup of #20718

[knz]

Yeah it's a dup - folding into it #20718