Allow users to be hard-deleted from the API

Merged Nick Thomas requested to merge (removed):28694-hard-delete-user-from-api into master

What does this MR do?

Adds a ?hard_delete=true parameter to the administrator-only users API, allowing a hard delete to be triggered

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Related to #28694 (closed)

Edited by Nick Thomas