[BE] Implement blacklisting mechanism

Add new DELETE /session endpoint, which adds the current token information to the blacklist

On each request, check the blacklist and reject the request if the token is blacklisted

Add mechanism to cleanup the blacklist periodically

Add mechanism read the blacklist secret from controller-runtime cache

Add rate limit for calling DELETE /session endpoint