@janldeboer

Properly removing the session-token cookie and preventing refreshing it

Description

I found two problems regarding the authjs.session-token cookie:

  1. The code in src/routes/auth/logout/callback/+page.server.ts doesn't properly remove the cookie after logout
  2. Even when deleting the cookie, the layout file src/routes/+layout.server.ts would refresh the token and create the cookie again.

My proposed changes solve both of these problems

Related Issue

#18

Motivation and Context

Not removing session tokens after logout is a security flaw, as other users on the same machine could access protected sites / data even after the original user logged out.

How Has This Been Tested?

I manually tested the behaviour on localhost and checked with browser tools that the cookie was properly removed.

Documentation:

None

Checklist:

  • I have updated the documentation accordingly.
  • I have assigned the correct milestone or created one if non-existent.
  • I have correctly labeled this pull request.
  • I have linked the corresponding issue in this description.
  • I have requested a review from at least 2 reviewers
  • I have checked the base branch of this pull request
  • I have checked my code for any possible security vulnerabilities
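The two failure modes the PR describes (a logout response whose cookie deletion does not take effect, and a root layout load that writes the session cookie back on the next request) can be reproduced with a small in-memory model. The following is an added example, not code from the PR or from the project: the cookie name is the one named above, while `COOKIE_PATH`, the mismatched path used by the "before" logout handler, `refreshToken`, and the `cachedSession` argument are assumptions standing in for the project's real code.

```typescript
// Added example (not the project's code). Models the logout flow with an
// in-memory cookie jar so the two bugs from the PR can be exercised offline.

const SESSION_COOKIE = "authjs.session-token"; // name from the PR description
const COOKIE_PATH = "/";                       // assumption: cookie was set with Path=/

type Cookie = { value: string; path: string };
type Jar = Map<string, Cookie>;

// Browser rule: a Set-Cookie with Max-Age=0 removes a stored cookie only when
// the name AND the Path attribute match. A deletion sent for another path is
// silently ignored, which is the assumed cause of bug 1 (cookie survives logout).
function applySetCookie(jar: Jar, name: string, value: string, path: string, maxAge: number): void {
  if (maxAge <= 0) {
    const existing = jar.get(name);
    if (existing !== undefined && existing.path === path) jar.delete(name);
    return;
  }
  jar.set(name, { value, path });
}

// Stand-in for real token rotation; the content does not matter for the model.
function refreshToken(token: string): string {
  return token + ".refreshed";
}

// Server side, logout callback route. The unfixed variant (assumption) clears
// the cookie under the route's own path, so the browser keeps the original
// cookie that was set for "/". The fixed variant clears it with the same path
// it was created with.
function logoutCallback(jar: Jar, fixed: boolean): void {
  const path = fixed ? COOKIE_PATH : "/auth/logout/callback";
  applySetCookie(jar, SESSION_COOKIE, "", path, 0);
}

// Server side, root layout load. The unfixed variant refreshes the session it
// was handed earlier in the request (cachedSession, e.g. resolved by a hook
// before the cookie was deleted) and writes the cookie back: bug 2. The fixed
// variant only refreshes a session whose cookie is still on the incoming request.
function layoutLoad(jar: Jar, cachedSession: string | null, fixed: boolean): void {
  const incoming = jar.get(SESSION_COOKIE)?.value ?? null;
  const token = fixed ? incoming : (incoming ?? cachedSession);
  if (token === null) return;
  applySetCookie(jar, SESSION_COOKIE, refreshToken(token), COOKIE_PATH, 3600);
}

// Runs logout followed by the next layout load and reports whether the
// session cookie is really gone afterwards. Only both fixes together pass.
function sessionClearedAfterLogout(fixLogout: boolean, fixLayout: boolean): boolean {
  const jar: Jar = new Map<string, Cookie>([[SESSION_COOKIE, { value: "tok-1", path: COOKIE_PATH }]]);
  const cached = jar.get(SESSION_COOKIE)!.value; // session resolved before the route ran
  logoutCallback(jar, fixLogout);
  layoutLoad(jar, cached, fixLayout);
  return !jar.has(SESSION_COOKIE);
}
```

When checking a real deployment, compare the `Set-Cookie` header of the logout response against the attributes of the original cookie (Path, Domain, and for `__Host-`/`__Secure-` names the Secure flag) and then reload a protected page; the cookie must stay absent after the reload, not just after the logout response.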
