
Don't send request to one login when signing out after impersonation #10194

Merged: 1 commit, Jan 2, 2025

Conversation

@CatalinVoineag (Contributor) commented Dec 18, 2024

Context

There is a small bug when logging out a candidate using One Login. If you log out as a candidate after impersonating the candidate, we send a request to One Login to log out.

This is wrong, as we didn't log in as a candidate through One Login.

This PR fixes this by just redirecting to the candidate sign-in page if the id_token is nil; the id_token is set in the session only when One Login sign-in is successful.

Changes proposed in this pull request

Guidance to review

Go on review app and impersonate a candidate user.
Sign out as a candidate user.
You should be redirected to the candidate sign in page.

Things to check

  • If the code removes any existing feature flags, a data migration has also been added to delete the entry from the database
  • This code does not rely on migrations in the same Pull Request
  • If this code includes a migration adding or changing columns, it also backfills existing records for consistency
  • If this code adds a column to the DB, decide whether it needs to be in analytics yml file or analytics blocklist, if included inform data insights team of the changes
  • If this code adds a column that may include PII, the sanitise.sql script and 0025-protecting-personal-data-in-production-dump.md ADR have been updated.
  • API release notes have been updated if necessary
  • If it adds a significant user-facing change, is it documented in the CHANGELOG?
  • Attach the PR to the Trello card
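As an added illustration (not the PR's own code, which is not shown on this page), the following standalone Ruby sketch models the decision the description above makes: the session carries `:id_token` only after a successful One Login sign-in, so a sign-out that finds it nil (an impersonated session) goes straight to the candidate sign-in page, while a real One Login session gets an OIDC RP-initiated logout carrying `id_token_hint`. The endpoint URL, the paths, and the `legacy_redirect_target_for` method are hypothetical stand-ins, and a plain Hash stands in for the Rails session.

```ruby
require "uri"

# Constructed example, not the project's code. Models the sign-out decision
# described in the PR: :id_token is only ever written to the session after a
# successful One Login callback, so its absence means the candidate session
# was created another way (e.g. support impersonation) and One Login must
# not be asked to end a session it never started.
module CandidateSignOut
  # Hypothetical values; the real app reads these from its configuration.
  ONE_LOGIN_END_SESSION_ENDPOINT = "https://oidc.example.gov.uk/logout".freeze
  CANDIDATE_SIGN_IN_PATH = "/candidate/sign-in".freeze
  POST_LOGOUT_REDIRECT_URI = "https://apply.example.gov.uk/candidate/sign-in".freeze

  # Builds the OIDC RP-initiated logout URL. id_token_hint lets One Login
  # identify which session to end; post_logout_redirect_uri is where the
  # user lands afterwards (it must be pre-registered with the provider).
  def self.one_login_logout_url(id_token)
    query = URI.encode_www_form(
      id_token_hint: id_token,
      post_logout_redirect_uri: POST_LOGOUT_REDIRECT_URI
    )
    "#{ONE_LOGIN_END_SESSION_ENDPOINT}?#{query}"
  end

  # The behaviour the PR fixes (hypothetical reconstruction): every sign-out
  # was sent to One Login, even when there was no id_token to hint with.
  def self.legacy_redirect_target_for(session)
    one_login_logout_url(session[:id_token])
  end

  # Fixed behaviour: no id_token means no One Login session to terminate, so
  # redirect straight to the candidate sign-in page.
  def self.redirect_target_for(session)
    id_token = session[:id_token]
    return CANDIDATE_SIGN_IN_PATH if id_token.nil? || id_token.empty?

    one_login_logout_url(id_token)
  end

  # Full sign-out: decide the target from the session, then clear the local
  # session (the equivalent of reset_session) before redirecting.
  def self.sign_out(session)
    target = redirect_target_for(session)
    session.clear
    target
  end
end

if __FILE__ == $PROGRAM_NAME
  impersonated = { candidate_id: 42 }                         # no id_token
  real_one_login = { candidate_id: 42, id_token: "abc.def.ghi" } # set by the OIDC callback
  puts "impersonated -> #{CandidateSignOut.redirect_target_for(impersonated)}"
  puts "one login    -> #{CandidateSignOut.redirect_target_for(real_one_login)}"
  puts "legacy bug   -> #{CandidateSignOut.legacy_redirect_target_for(impersonated)}"
end
```

The legacy path shows why the original behaviour was wrong rather than merely wasteful: with no token in the session the request to One Login goes out with an empty `id_token_hint`, so the provider has nothing to match against and the support user is bounced through an identity provider they never authenticated with.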

@CatalinVoineag CatalinVoineag self-assigned this Dec 18, 2024
@CatalinVoineag CatalinVoineag marked this pull request as ready for review December 18, 2024 17:07
@CatalinVoineag CatalinVoineag requested a review from a team December 18, 2024 17:08
@CatalinVoineag CatalinVoineag added the deploy_v2 Deploy the review app to AKS label Dec 19, 2024
@github-actions github-actions bot temporarily deployed to review_aks-10194 December 19, 2024 09:32 Destroyed
@github-actions github-actions bot temporarily deployed to review_aks-10194 December 19, 2024 09:45 Destroyed
@avinhurry (Collaborator) left a comment

I'm unable to login to the review app using the bypass to test this. Am I doing something wrong? 🤔

[image]

Review thread on spec/requests/one_login_controller_spec.rb (outdated, resolved)
@CatalinVoineag (Contributor, Author) replied, quoting the comment above:

> I'm unable to login to the review app using the bypass to test this. Am I doing something wrong? 🤔
>
> [image]

You need to use dev-candidate; that's the only bypass account we have. I've removed the create-candidate feature from the form, as it was a security issue if the bypass had been enabled in production by mistake.

@CatalinVoineag CatalinVoineag force-pushed the cv/fix-one-login-sign-out branch from 6a27017 to bf00204 on January 2, 2025 09:48
@github-actions github-actions bot temporarily deployed to review_aks-10194 January 2, 2025 09:54 Destroyed
@CatalinVoineag CatalinVoineag merged commit 04fa423 into main Jan 2, 2025
23 checks passed
@CatalinVoineag CatalinVoineag deleted the cv/fix-one-login-sign-out branch January 2, 2025 10:03