Remove lock tokens from sessions upon logout().

When a session has acquired an open-scoped lock on a resource and then ends via logout(), the session should disassociate itself from the lock so that another session can take over ownership of the lock via the lock token and JcrLockManager.addLockToken().