[Authentication] Docs should address how to handle logging out, as well as logging in

[thw0rted]

I'm submitting a...

• [ ] Regression
• [ ] Bug report
• [ ] Feature request
• [X] Documentation issue or request (new chapter/page)
• [ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Neither the general Authentication topic page nor the Passport-specific Recipe page discuss how to implement a log-out endpoint.

Expected behavior

Authentication guidance should include both login and logout.

What is the motivation / use case for changing the behavior?

Applications designed following the best-practices in the docs should ensure that users can definitively invalidate their session.