Set framework logout_across_devices to false if session-manager is installed #65

Closed
5 tasks done
emteknetnz opened this issue Apr 21, 2021 · 1 comment

emteknetnz commented Apr 21, 2021

The recommendation from the investigation on the framework issue regarding UX weaknesses of logging out across devices on silverstripe/silverstripe-framework#9794 was that the default value of RememberLoginHash logout_across_devices should be changed from true to false if session-manager is installed.

The original UX issue of logout_across_devices = true being a bit weird still remains. It should still stay in place if session-manager is not installed, otherwise there is no way to log out malicious devices.

If session manager is installed, then set disable logout_across_devices = false as a default in config, though this also may be reset to true in project config.

Note: No matter what value is set, the logic in Revoke a single session will set logout_across_devices to false for the duration of a 'revoke' request, essentially ignoring the config value.

ACs

  • The default value of logout_across_devices remains the same as true if session-manager is not installed
  • The default value of logout_across_devices is false if session-manager is installed
  • Projects can override this and set the default value of logout_across_devices to true if session-manager is installed
  • Project documentation is updated to reflect this

PRs
