Currently, we have app::remove_user which invalidates the user's token and user::log_out which is a local operation only. We should change user::log_out to also call the server and attempt to invalidate the token, but even better, we should probably consolidate both of these methods in a single call that accepts a boolean remove_local_data parameter. Since it needs the transport factory to perform the request, we should probably consolidate around app::remove_user(bool remove_local_data).

Note that this may or may not be an accurate reflection of the public API, but this is fine and we don't have to bikeshed on it.