session_timeout: make sure remember_me's before_logout hook gets called

[jankoegel]

• related with different solution: Fix/session timeout #304

The Problem

• if an app uses both the session_timeout as well as the remember_me submodule the following can happen:
  • even if a user's invalidate_sessions_before timestamp is set to now, their remember_me sessions will not be invalidated
  • reason: the remember_me cookie doesn't get deleted during the session_timeout submodule's validate_session
• debug log that shows the flow of events without this PR:

  -> VALIDATE SESSION
  expired? false
  invalidated? true
  💣 RESETTING SESSION
  reset @current_user
  🍪 login_from_cookie
  🎂 register_login_time
  😱 assigning current user again
  

In the code

• only logout calls before & after logout hooks:
  

  sorcery/lib/sorcery/controller.rb

  Lines 75 to 78 in d9dc0bd

  	before_logout!
  	@current_user = nil
  	reset_sorcery_session
  	after_logout!(user)

• remember_me uses a before_logout hook to clear its cookie:
  

  sorcery/lib/sorcery/controller/submodules/remember_me.rb

  Line 22 in d9dc0bd

  Config.before_logout << :forget_me!

[PedroAugustoRamalhoDuarte]

@jankoegel i am trying to get the test from my PR to yours, but the test are broken because rspec version with rails 7.1:
rspec/rspec-mocks#1530

I have upgrade the rspec, but a lot of other test become broken due the upgrade rspec-rails from version 3 to version 6. I will open a PR from my test branch to yours and after that we check with @joshbuker its OK to merge everything together

[joshbuker]

Interesting...This looks like it should work, but appears to be failing the OAuth session timeout specs.