Proposal for token invalidation (and the tokens blacklist)

[aegor]

Colleagues, let me once again raise the issue of token invalidation (and the tokens blacklist).
I understand that your product is primarily "live" and primarily a "kit", so any connections to databases are out of the question.
However, we do have webhooks. It would be sufficient to introduce a single configuration option, "CheckTokensViaHook," which, when enabled, would trigger (or not trigger) an event to the server for token validation.
This solution seems quite elegant to me because it shifts the token validation logic to the application server without creating explicit dependencies of LiveKit on any persistence layer.