mod_auth_fast - add a way to invalidate a certain user token(s)

## Environment

- ejabberd version: ed846c4a8891491442c2aa5744b3d809a95dc40d
- OS: Linux (Debian)
- Installed from: source 

eg. I was expecting `kick_user` to kill their session and token, but it did not

the Admin panel Mnesia page offers only global "clear" for all users, and this can't be stored in SQL (which I hope would allow more granular control)