Implement logging out in the OAuth authorization service when using a
first-party account.

This currently just causes any credentials cached in memory or local
storage to be forgotten and the user's profile to be reloaded. Once a
token revocation endpoint is available, the "Log out" button could also
trigger that as well.