docs: recommend using the route logout

[desimone]

There was a bug causing logout on the authenticate service to work differently from logout on the proxy service. (they were actually using different sessions) The above PR should fix that problem.

However using logout from authenticate is not ideal. It can't delete the cookie on the route itself, and we utilize a caching layer for session access, so it may take a few seconds for the user to appear logged out on the route. We should update the documentation to recommend using the route logout.

Originally posted by @calebdoxsey in pomerium/pomerium#3592 (comment)

[calebdoxsey]

I don't know where to document this. We don't actually recommend using the authenticate sign_out endpoint anywhere.

[desimone]

Let's add some text to the single sign out docs page. I think what's missing is:

1. Use the route scoped special endpoint (vs the authenticate logout endpoint which will not clean up the session cookie).
2. Explain how to properly use the endpoint with some user flow would be helpful
3. Explain what is , and isn't happening to the session (e.g. cookie will be deleted but the session will be cached globally for a period of time).
4. Recommend using the SDKs to make this easier.

[alexrudd2]

@XxEnigmaticxX ket's keep an eye on this. Currently I just redirect people to https://authenticate.<domain>.com/.pomerium/ but the logout link isn't obvious (it's upper-right under the user gravatar)

[ZPain8464]

Fixes this: #429

@desimone I believe we can close this?