Destroys the user session with Xkit and removes the internal configuration of any access tokens. Subsequent calls to functions on xkit.js after
logout resolves will fail unless they don't require authentication.
This action is idempotent - calling
logout when the user has no active session or configured tokens is a no-op.