Recursively revoke sub-authorizations when authorization is revoked

[cdata]

As of #420 we have implemented consolidated, high-level paths for authorizing and revoking authorization from other keys. When revoking authorizations, we currently do not check to see if there are any sub-authorizations that are invalidated by the revocation. This technically "sorts itself out," because if any of those sub-authorizations are used they will fail to pass a verification check (as their chain of authority is no longer valid). However, as a matter of hygiene and clean book keeping, we should be removing these authorizations from the list of delegations in the authority section.