Sessions refactor (#656)

* (feat): WIP oauth2 and session removal

* (feat): OAuth changes and fixes

* (fix): bad spec tests for trending

* (feat): improve sessions

* (feat): improvements to tests and other session considerations

* (feat): server sessions and oauth cleanup

* (fix): failing tests

* (chore): cleanup old access to  variable

* (fix): drone

* (feat): support revoking tokens

* (fix): remove encryption key from code

* (fix): remove unused line

* (fix): refresh token should not require confidential either

* (fix): messenger issues

* (fix): no need to normalize

* (fix): mobile messenger fixes

* (fix): guid must be string in jwt token

* (fix): spec test does not require last tos update flag