as requested by some organizations, we can drop the authorization of the OAuth client when the client calls "/disconnect" in the APIv3.
The user will have to reauthorize (authenticate + perhaps provide 2FA) every time they connect to the VPN.
Exceptions to this are suspending the computer or reconnects because of network issues, then it will reconnect automatically without bothering the user.
Initial version that works: https://git.sr.ht/~fkooman/vpn-user-portal/commit/23c8e0a1bd9b4662cc8913d31d472182debbbe64
Part of 3.0.5 as a preview feature.