Expire deactivated users sessions

The following discussion from !130 (merged) should be addressed:

@zacps started a discussion: (+1 comment)

This should ideally expire the user's sessions (this is fine to break into another issue because I don't think we know a good way to do it currently).

Probably by checking user.active on each request

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information