This commit also adds an /api/v1/oauth/logout endpoint that allows
clients to delete their sessions (access tokens) as needed.
Signed-off-by: Michael Mayer <michael@photoprism.app>
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.
Signed-off-by: Michael Mayer <michael@photoprism.app>