Revoke tokens on attached L1s when user logs out

On logout:
1. Call /auth/revoke on each attached L1 renderer
2. Remove all attachments from user_renderers table
3. Clear L2 cookie

This ensures logging out of L2 also logs user out of all L1s.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

server.py

@@ -531,8 +531,28 @@ async def ui_register_submit(request: Request):
 
 
 @app.get("/logout")
-async def logout():
+async def logout(request: Request):
-    """Handle logout - clear cookie and redirect to home."""
+    """Handle logout - clear cookie, revoke token on attached L1s, and redirect to home."""
+    token = request.cookies.get("auth_token")
+    username = verify_token(token) if token else None
+
+    # Revoke token on all attached L1 renderers
+    if username and token:
+        attached = await db.get_user_renderers(username)
+        for l1_url in attached:
+            try:
+                requests.post(
+                    f"{l1_url}/auth/revoke",
+                    headers={"Authorization": f"Bearer {token}"},
+                    timeout=5
+                )
+            except Exception as e:
+                logger.warning(f"Failed to revoke token on {l1_url}: {e}")
+
+        # Remove all attachments for this user
+        for l1_url in attached:
+            await db.detach_renderer(username, l1_url)
+
     response = RedirectResponse(url="/", status_code=302)
     # Delete both legacy (no domain) and new (shared domain) cookies
     response.delete_cookie("auth_token")