getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io

Soft-delete `ApiGrant` so it's available for troubleshooting/auditing #69261

Open mdtro opened 1 week ago

mdtro commented 1 week ago

The ApiGrant needs to be unusable as soon as it is exchanged for a token. We can soft delete these, but I'd like to merge this as it resolves an immediate security bug. I can issue new PRs for the necessary model changes to support soft deletions.

I'll take a look at the cleanup script. It should be removing these that are expired regardless of how old they actually are. Ironically, the cleanup script purging these might have been created to deal with the fallout of this bug. 🤔

_Originally posted by @mdtro in https://github.com/getsentry/sentry/pull/68910#discussion_r1571438578_
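To make the mechanics of the comment above concrete, here is an added example written for this thread; it is not Sentry's `ApiGrant` model, token-exchange code or cleanup script, and the names `Grant`, `GrantStore`, `date_deleted`, `token_id`, `exchange` and `purge` are hypothetical. It shows a grant that becomes unusable the moment it is exchanged (by setting a soft-delete timestamp rather than deleting the row), so the record stays available for troubleshooting and auditing, and a purge routine that hard-deletes only after a retention window. One design choice goes beyond the comment: when an already-exchanged code is presented again, the token it produced is revoked, which is the behaviour RFC 6749 section 4.1.2 recommends and is only possible if the exchanged grant was kept.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


class GrantError(Exception):
    """Single error for unknown, expired and already-used codes, so a
    caller cannot tell which case it hit."""


@dataclass
class Grant:  # hypothetical stand-in for an authorization grant row
    code: str
    user_id: int
    expires_at: datetime
    # Soft-delete marker: set at exchange time instead of deleting the row,
    # so the grant is unusable but still visible for auditing.
    date_deleted: Optional[datetime] = None
    # Token the grant was exchanged for; needed to revoke it on replay.
    token_id: Optional[str] = None


class GrantStore:  # hypothetical in-memory store (a table in practice)
    def __init__(self) -> None:
        self.grants: dict[str, Grant] = {}
        self.revoked_tokens: set[str] = set()
        self.audit: list[tuple[datetime, str, str]] = []  # (when, event, code)

    def issue(self, user_id: int, now: datetime,
              ttl: timedelta = timedelta(minutes=10)) -> Grant:
        grant = Grant(secrets.token_urlsafe(32), user_id, now + ttl)
        self.grants[grant.code] = grant
        self.audit.append((now, "issued", grant.code))
        return grant

    def exchange(self, code: str, now: datetime) -> str:
        grant = self.grants.get(code)
        if grant is None:
            self.audit.append((now, "unknown_code", code))
            raise GrantError("invalid_grant")
        if grant.date_deleted is not None:
            # Replay of a used code: deny, and revoke the token it produced.
            self.revoked_tokens.add(grant.token_id)
            self.audit.append((now, "replayed", code))
            raise GrantError("invalid_grant")
        if now >= grant.expires_at:
            self.audit.append((now, "expired", code))
            raise GrantError("invalid_grant")
        token_id = secrets.token_urlsafe(16)
        grant.date_deleted = now  # soft delete: unusable from this instant
        grant.token_id = token_id
        self.audit.append((now, "exchanged", code))
        return token_id

    def purge(self, now: datetime,
              retention: timedelta = timedelta(days=30)) -> int:
        """Hard-delete grants whose audit value has lapsed: exchanged grants
        age from their soft-delete time, unexchanged ones from expiry."""
        cutoff = now - retention
        stale = [c for c, g in self.grants.items()
                 if (g.date_deleted or g.expires_at) < cutoff]
        for c in stale:
            del self.grants[c]
        return len(stale)


def run_scenario() -> dict:
    """issue -> exchange -> replay -> expiry -> unknown -> purge, with fixed
    (constructed) timestamps so the outcome is deterministic."""
    store = GrantStore()
    t0 = datetime(2024, 4, 1, 12, 0, tzinfo=timezone.utc)
    grant = store.issue(user_id=1, now=t0)
    token = store.exchange(grant.code, t0 + timedelta(seconds=5))

    def attempt(code: str, when: datetime) -> str:
        try:
            store.exchange(code, when)
            return "ok"
        except GrantError as err:
            return str(err)

    replay = attempt(grant.code, t0 + timedelta(seconds=10))
    stale = store.issue(user_id=2, now=t0)
    expired = attempt(stale.code, t0 + timedelta(minutes=11))
    unknown = attempt("no-such-code", t0)
    return {
        "retained_after_exchange": grant.code in store.grants,
        "soft_deleted": grant.date_deleted is not None,
        "replay": replay,
        "token_revoked_on_replay": token in store.revoked_tokens,
        "expired": expired,
        "unknown": unknown,
        "events": [e for _, e, _ in store.audit],
        "purged": store.purge(t0 + timedelta(days=31)),
        "left": len(store.grants),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The check that matters is the order in `exchange`: the soft-delete marker is tested before expiry, so an exchanged grant is rejected even while its `expires_at` is still in the future, and the rejection is logged with the grant still on hand to inspect. The purge keeps exchanged grants for the retention window measured from `date_deleted`, and removes expired-but-unused grants once they are older than that window, whatever their original TTL.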

ykamo001 commented 1 week ago

Here's an example in case it's needed: