Include additional unique user information in session
Created by: flying-robot
This introduces a UserCreatedAt field to the sessionInfo structure, which can then be used as a confirmation check against the related database record for a given user. If the two values differ, the active session is immediately invalidated.
Using that value to invalidate un-synced sessions requires a change to the SetActor signature, so there are a number of tests that have been updated in support. A handful of other tests also needed modification to mock out the necessary database activities such that they could now pass.
Current valid sessions will not have a UserCreatedAt value, so a guard is in place for that condition and those users will not be logged out by this change (h/t to @ElizabethStirling).
fixes https://github.com/sourcegraph/sourcegraph/issues/16680
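
The check described above, sketched as an added example that is not code from this pull request: a stored session carries the user's creation time, which is compared against the database value, with the guard for sessions that predate the field. Only sessionInfo and UserCreatedAt come from the description; the JSON layout, checkSession, sampleLookup and errSessionMismatch are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// sessionInfo here is a sketch; only UserCreatedAt is named on the page.
type sessionInfo struct {
	UserID        int32     `json:"userID"`
	UserCreatedAt time.Time `json:"userCreatedAt"`
}

var errSessionMismatch = errors.New("session does not match user record")

// checkSession returns the user ID if the session may stay active (lookup stands in for the DB query).
func checkSession(raw []byte, lookup func(int32) (time.Time, error)) (int32, error) {
	var s sessionInfo
	if err := json.Unmarshal(raw, &s); err != nil {
		return 0, err
	}
	// Guard: sessions issued before the field existed decode to the zero time and are left alone.
	if s.UserCreatedAt.IsZero() {
		return s.UserID, nil
	}
	dbCreatedAt, err := lookup(s.UserID)
	if err != nil {
		return 0, err
	}
	// Equal compares instants, so a different UTC offset in the stored value is not a mismatch.
	if !s.UserCreatedAt.Equal(dbCreatedAt) {
		return 0, errSessionMismatch
	}
	return s.UserID, nil
}

// sampleLookup is constructed data: every user was created on 2021-01-05 09:00 UTC.
func sampleLookup(_ int32) (time.Time, error) {
	return time.Date(2021, 1, 5, 9, 0, 0, 0, time.UTC), nil
}

func main() {
	// Constructed sessions: one with a differing timestamp, one without the field.
	for _, raw := range []string{`{"userID":7,"userCreatedAt":"2020-12-01T10:00:00Z"}`, `{"userID":7}`} {
		fmt.Println(checkSession([]byte(raw), sampleLookup))
	}
}
```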