tmcdo1/auth-jwt-service

Add flag option for using sessions

Opened this issue · 0 comments

Currently, a token is signed and can be used as long as it has not expired. This means that there is no easy/effective way to "logout" of the application. To solve this problem, a blacklist of tokens should be kept in the database (tokens get removed from the database when they expire) and should be checked against whenever a user authenticates. A /logout path can also be added that will add the user's currently issued token to the blacklist.
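A sketch of the blacklist flow proposed in this issue, added here as an example and not taken from the auth-jwt-service code. It assumes HS256 tokens built with the Python standard library, a `jti` claim used as the blacklist key, and SQLite as the database; `SECRET`, the table name and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, sqlite3, uuid

SECRET = b"constructed-demo-secret"  # constructed value; not from the project

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user, ttl, now):
    # A unique jti per token lets one token be revoked without touching the others.
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": now + ttl, "jti": uuid.uuid4().hex}).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify(token, now):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(f"{head}.{body}").encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    return claims if claims["exp"] > now else None

class Blacklist:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path, isolation_level=None)  # autocommit
        self.db.execute("CREATE TABLE IF NOT EXISTS revoked (jti TEXT PRIMARY KEY, exp INTEGER)")
    def revoke(self, claims):
        self.db.execute("INSERT OR IGNORE INTO revoked VALUES (?, ?)", (claims["jti"], claims["exp"]))
    def purge(self, now):  # expired tokens fail verify() anyway, so their rows can go
        self.db.execute("DELETE FROM revoked WHERE exp <= ?", (now,))
    def contains(self, jti):
        return self.db.execute("SELECT 1 FROM revoked WHERE jti = ?", (jti,)).fetchone() is not None

def authenticate(token, blacklist, now):
    """Check run on every authenticated request: signature, expiry, then blacklist."""
    blacklist.purge(now)
    claims = verify(token, now)
    return None if claims is None or blacklist.contains(claims["jti"]) else claims

def logout(token, blacklist, now):
    """Handler body for a /logout route: blacklist the caller's current token."""
    claims = verify(token, now)
    if claims is not None:
        blacklist.revoke(claims)
    return claims is not None
```

Because each row stores the token's own `exp`, the table never holds more than the tokens revoked within one token lifetime.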