frontend: remove session upon signout

Created by: asdine

This change deletes both the session cookie and the Redis session key when the client logs out. Currently, when a user logs out, the session is invalidated but not deleted. Whenever a client logs in with the same browser, the old session is reused by https://github.com/gorilla/sessions which can lead to authentication bypass.

Note: The issue still remains when an admin manually invalidates a user session. @ElizabethStirling any thoughts?

Related to https://github.com/sourcegraph/security-issues/issues/136