Ensure tokens are consistently cleaned from table

[TTA777]

Currently, our tokens table is not consistently cleaned on using a token.

We need to ensure the following:

• Used tokens are removed from the table
• Tokens are removed when a user is anonymized
• Possibly, ensure expired tokens are cleaned regularly

@A-Guldborg Something you might take a look at, considering your recent work with tokens?

[A-Guldborg]

I can take a look at it, but do we really want to remove all used tokens?

We discussed at one point invalidating login tokens for a user who uses an already revoked/used token (c:onsider an intercepted / stolen token). This would minimize the risk/consequence of maliciously acquired tokens. This is only possible, if we keep storing the revoked tokens but I'm open for discussion.

I do however see that keeping them in the database will acquire a lot of old data over time. How much data do we currently have in production in this table?

Would also be nice with a priority on this ticket, since I do have other work in progress on shifty frontend of #289 and #312

[TTA777]

@A-Guldborg My main concern here, is in regard to the "old" tokens, i.e. the jwt ones used for certain operation e.g. forgotten password, and delete account. I think it would also make sense to clear the table of all refresh/ login tokens when a user is deleted.

With all that said, @fredpetersen expressed interest in the issue, so I'm assigning it to him since oyu have other tasks