fix: prevent clear() from destroying all sessionStorage

[bashhack]

Hey @damienbod (and fellow contributors!) - thanks for this library and all the work maintaining it!

Summary

This PR updates the storage behavior in BrowserStorageService to ensure that clear() and remove() only remove data associated with the specific OIDC configuration, instead of clearing all browser storage for the origin.

Problem

The previous implementation called abstractSecurityStorage.clear(), which could result in the underlying sessionStorage.clear() / localStorage.clear() being invoked. This cleared all keys for the origin, including:

• Other OIDC configuration entries (in multi-config setups)
• Application-managed session/local storage (e.g., analytics, support widgets, SPA state)

Goal

Ensure correct isolation between configurations and preserve consumer application data, while maintaining compatibility with the existing storage contract.

Changes

• clear() and remove() now remove only the entry associated with the current configId
• Added guard to ensure configId exists before storing / clearing
• Behavior now matches read() and write(), which already operate on configId

Benefits

• Proper isolation for multi-configuration setups
• Prevents accidental erasure of application storage
• Fully backward-compatible — behavior aligns with existing read/write patterns

Thanks again @damienbod for the library, happy to adjust anything here if needed! I appreciate the time and consideration!

[damienbod]

I make a minor release for this, should get it done on Sunday

[bashhack]

Thank you so much @damienbod + @FabianGosebrink 🤝

Appreciate the library, your efforts and the collaboration - cheers!