Drivers cannot handle token revocation from session

[atz]

Currently we have the controller cache grant tokens per service in the user's session. When tokens expire or are revoked, the controller does not know how to handle it, because by design all the driver smarts are encapsulated from it.

From the other side, the failure (e.g. 401 exception) will occur during a request in the driver code, but the driver is prevented from clearing out the stale value from the session! So user actions will continue to fail forever until they log out of the application and back in (getting a new session).

At the very least, as a stopgap, we should allow a user to clear tokens via a button without nuking their whole app session. More fundamentally, we need to find a way to tie the specific exceptions/events from each driver to the invalidation of the cached token. Everything else about the interaction (client object, client session, etc.) can be purged inside the driver code, but it is not supposed to know anything about the application session.

Relates to #100, #111, but I made this ticket to focus on the architectural problem of having the session-caching in the controller, unavailable to all the driver logic.

The simplest solution, afaict, would be to have the drivers accept a callback/closure to be called to enact the cache invalidation. But maybe we should rethink our attempt at separation and find a different architecture. Thoughts, @mbklein ?