Logout idle user automatically when HTTP session expires

[solth]

This pull request restores the correct handling of HTTP sessions being destroyed and thus fixes #6372 .

Expired HTTP sessions were previously handled by the KitodoVersionListener, which was the wrong place for this particular event handling and was then supposed to be moved to SessionService by #6047, but that pull request was missing a required annotation and therefore broke the handling of expired sessions.

#6379 adds the missing annotation to SessionService, but a service class is the wrong place for this in my opinion, so I opted to add a dedicated CustomHttpSessionListener that extends HttpSessionListener and does this job instead.

This pull request also adds a message shortly before the user is logged out automatically, to inform him about the pending, automatic logout, that contains a timer with the remaining time until the automatic logout:

This makes use of the PrimeFaces IdleMonitor component and the Timer component of PrimeFaces Extensions.

By also clearing the metadata locks of processes opened by a user in the metadata editor upon automatic logout, this pull request resolves #4480 as well.