Add revoke_tokens method

[n7studios]

Summary

Adds the revoke_tokens method, allowing Kit Plugins to revoke an access token when e.g. the user disconnects the Plugin from Kit.

Testing

• testRevokeTokens tests the revoke_tokens method revokes the access and refresh tokens

Checklist

• I have written a test and included it in this PR
• I have run all tests and they pass
• The code passes when running the PHP CodeSniffer
• Code meets WordPress Coding Standards for PHP, HTML, CSS and JS
• Security and Sanitization requirements have been followed
• I have assigned a reviewer or two to review this PR (if you're not sure who to assign, we can do this step for you)

[n7studios]

@mercedesb this will POST to https://api.kit.com/v4/oauth/revoke, sending the client_id and access_token to be revoked. Wanted to check this is the correct call, as couldn't spot any docs on the API site.

[tskupinski]

We should change this parameter to token - Doorkeeper will look for token parameter.

I think that you will also need to revoke refresh token separately - it should be enough to make same call and pass it as token parameter.

[cheemurakami]

I think client_secret is also needed here as well

[n7studios]

We should change this parameter to token - Doorkeeper will look for token parameter.

I think that you will also need to revoke refresh token separately - it should be enough to make same call and pass it as token parameter.

I've updated the PR to reflect this, and the associated test to confirm both access and refresh tokens are revoked by attempting to use them with authenticated requests/refreshing tokens.

I think client_secret is also needed here as well

The WordPress Plugins use PKCE, as the code is public (https://en-gb.wordpress.org/plugins/convertkit/) - so there's no client_secret used. I've confirmed with the changes above that tokens are revoked, so don't believe the client secret is needed.