Implement RFC 7009 - OAuth 2.0 Token Revocation

https://datatracker.ietf.org/doc/html/rfc7009#page-5

It would be good to have a standardized way of revoking tokens instead of having to come up with custom revoke methods. In the oak localstorage example I made, currently the only way to revoke tokens is if you have a session, you can go to the logout url. The logout url will revoke both the access and refresh tokens.