Remove session termination by userID to restrict token revocation of applications not associated for app Role

[ZiyamSanthosh]

• According to the previous implementation, if role update related events are triggered, the tokens and sessions belongs to the user are revoked and terminated.
• With the new application role concept, we restricted the token revocation logic to revoke only the tokens generated for the associated app of the specific app role.
• But, the session termination happens based on the userID where all active session of the relevant user will be terminated and the tokens are revoked.
• If multiple application tokens shares the same session, when the session is terminated, irrelevant tokens will also be revoked.
• Since we are anyway revoking the relevant tokens, avoiding the session termination will not be an issue. Because, anyhow when an API call is made through the application with the revoked token, authentication will fail and in that time, the session will get expired.

Related issue:

• Access tokens of all applications are revoked when a specific application role is removed for a user wso2/product-is#18815

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/7567624544

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/7567624544
Status: failure

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/7567980515

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/7567980515
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/7567980515