
Don't prompt for anonymous users we won't log out #1275

@tonial

Description


Is your feature request related to a problem? Please describe.

This happens when the OP tokens and session have a shorter lifespan than the RP session.
The RP may ask to log out a user whose tokens and sessions are all expired with a call on the logout endpoint with the id_token_hint parameter.

In this case:

Is it really useful to force a prompt in this case?

Describe the solution you'd like

Given the small refactor from #1274 introducing the must_prompt() method, I would add in this method a check on the token_user's token expiry dates:
If we must prompt but

  • there's a token_user
  • and the request user is anonymous
  • and all the token_user's tokens are expired

-> Then don't prompt

This feature would of course be behind a setting since it's not in the OIDC RP-initiated logout specs.

Describe alternatives you've considered

Additional context
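As an added illustration (not the issue author's code and not the project's own must_prompt() implementation), the following standalone Python models the proposed rule: when the base logout decision would prompt, but the request user is anonymous, the id_token_hint resolves to a token_user, the opt-in setting is enabled, and every token of that user is expired, skip the prompt. The User and Token classes, the `skip_prompt_for_expired` flag, and the treatment of refresh-token expiry and of a user with no tokens at all are assumptions made for the example; the base decision (id_token_hint validation, post_logout_redirect_uri checks) is taken as an input rather than reimplemented.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Sequence


@dataclass(frozen=True)
class User:
    """Minimal stand-in for the request user / token user (assumption)."""
    username: str
    is_authenticated: bool = True


# Stand-in for Django's AnonymousUser (assumption).
ANONYMOUS = User(username="", is_authenticated=False)


@dataclass(frozen=True)
class Token:
    """Stand-in for an issued token record (assumption).

    expires_at: expiry of the access/ID token.
    refresh_expires_at: expiry of the associated refresh token, if any.
    """
    expires_at: datetime
    refresh_expires_at: Optional[datetime] = None

    def is_expired(self, now: datetime) -> bool:
        # A token only counts as expired when the RP can no longer use it
        # in any way: the access token is past its expiry AND no still-valid
        # refresh token could mint a new one. Treating a refreshable token as
        # "expired" would skip the prompt while a session is still revivable.
        if now < self.expires_at:
            return False
        if self.refresh_expires_at is not None and now < self.refresh_expires_at:
            return False
        return True


def all_tokens_expired(tokens: Sequence[Token], now: datetime) -> bool:
    """True only if the user holds at least one token and every one is dead.

    An empty token list is deliberately NOT treated as "all expired"
    (vacuous truth); with nothing to reason about, fall back to prompting.
    This conservative choice is an assumption of the example.
    """
    return bool(tokens) and all(t.is_expired(now) for t in tokens)


def must_prompt(
    base_decision: bool,
    request_user: User,
    token_user: Optional[User],
    tokens: Sequence[Token],
    now: datetime,
    skip_prompt_for_expired: bool,
) -> bool:
    """Apply the issue's proposed exception on top of the base decision.

    base_decision: what the existing must_prompt() logic already decided.
    skip_prompt_for_expired: the opt-in setting the issue asks for
        (name is an assumption), since the behaviour is outside the
        RP-initiated logout spec.
    """
    if not base_decision:
        return False                      # nothing to relax
    if not skip_prompt_for_expired:
        return True                       # feature disabled: spec behaviour
    if token_user is None:
        return True                       # id_token_hint did not resolve
    if request_user.is_authenticated:
        return True                       # an OP session exists: a real logout
    if all_tokens_expired(tokens, now):
        return False                      # anonymous + nothing left to log out
    return True


def utc_now() -> datetime:
    # Always compare against an aware timestamp; naive/aware mixes raise.
    return datetime.now(timezone.utc)


if __name__ == "__main__":
    # Constructed sample data for a quick manual run.
    now = utc_now()
    alice = User("alice")
    expired = Token(expires_at=now - timedelta(hours=1))
    refreshable = Token(expires_at=now - timedelta(hours=1),
                        refresh_expires_at=now + timedelta(days=1))
    print(must_prompt(True, ANONYMOUS, alice, [expired], now, True))      # False
    print(must_prompt(True, ANONYMOUS, alice, [refreshable], now, True))  # True
```

The refresh-token and empty-list branches are the two places where a naive "all expired" check tends to go wrong: a refreshable grant is still a live session from the RP's point of view, and an anonymous request for a user with no tokens on record proves nothing about whether a prompt is needed.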
