Add a pinniped logout command

[aslafy-z]

Is your feature request related to a problem? Please describe.

Deleting the cache folder to logout may not be straightforward for all users and the path changes between OSes.

Describe the solution you'd like

A pinniped logout cli command.

Describe alternatives you've considered

Delete the cache folder.

Are you considering submitting a PR for this feature?
Yes, why not!

• How will this project improvement be tested? With unit tests.
• How does this change the current architecture? N/A
• How will this change be backwards compatible? N/A
• How will this feature be documented? Update this section and some other.

  pinniped/site/content/docs/howto/debugging.md

  Lines 162 to 172 in 83ab099

  	## Clearing session and credential caching by the CLI
  	Temporary session credentials such as ID, access, and refresh tokens are stored in:
  	- `$HOME/.config/pinniped/sessions.yaml` (macOS/Linux)
  	- `%USERPROFILE%/.config/pinniped/sessions.yaml` (Windows).
  	Temporary cluster credentials such mTLS client certificates are stored in:
  	- `$HOME/.config/pinniped/credentials.yaml` (macOS/Linux)
  	- `%USERPROFILE%/.config/pinniped/credentials.yaml` (Windows).
  	Deleting the contents of these directories (`rm -rf $HOME/.config/pinniped`) is equivalent to performing a client-side logout.

[aslafy-z]

A nice thing would be to also redirect to the logout url of the provider. This would add complexity as it would need to update the supervisor code to include a redirect or backchannel logout logic.

[joshuatcasey]

Could you give more details on the use-case for this feature? Often Pinniped allows login to multiple K8s "workload" clusters from one "management" cluster. Would a logout mean that a user could no longer use one particular cluster, or all clusters?

Is there a security compliance concern driving this feature?

[joshuatcasey]

Hi @aslafy-z just following up on the above questions.