silverstripe / silverstripe-session-manager

Allow users to manage and revoke access to multiple login sessions across devices.
BSD 3-Clause "New" or "Revised" License
9 stars 7 forks

Set framework logout_across_devices to false if session-manager is installed #65

Closed emteknetnz closed 3 years ago

emteknetnz commented 3 years ago

The recommendation from the investigation on the framework issue regarding UX weaknesses of logging out across devices on https://github.com/silverstripe/silverstripe-framework/issues/9794 was that the default value of RememberLoginHash logout_across_devices should be changed from true to false if session-manager is installed.

The original UX issue of logout_across_devices = true being a bit weird still remains. It should still stay in place if session-manager is not installed, otherwise there is no way to log out malicious devices.

If session-manager is installed, then set logout_across_devices = false as a default in config, though this also may be reset to true in project config.

Note: No matter what value is set the logic in Revoke a single session will set logout_across_devices to false for the duration of a 'revoke' request, essentially ignoring the config value

ACs

PRs

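An illustration of the config arrangement described in the issue, written here as an added example rather than taken from the session-manager module or the framework: the first fragment is what a module-level default would look like, applied only when silverstripe/session-manager is present (the `Only: moduleexists` guard is standard Silverstripe YAML config syntax); the second is the project-level override that turns logging out across devices back on. The fragment names (`sessionmanager-logout-across-devices`, `app-logout-across-devices`) are hypothetical; `SilverStripe\Security\RememberLoginHash` and its `logout_across_devices` setting are the real framework class and config property.

```yaml
# Hypothetical module-level default (example, not the module's own config file).
# Only applies when session-manager is installed, so a plain framework install
# keeps logout_across_devices = true and can still log out malicious devices.
---
Name: sessionmanager-logout-across-devices
After: '#coresecurity'
Only:
  moduleexists: 'silverstripe/session-manager'
---
SilverStripe\Security\RememberLoginHash:
  logout_across_devices: false

# Hypothetical project-level override (app/_config/security.yml in a project).
# Declared After the module fragment so it wins the merge and restores
# the framework behaviour of invalidating every device on logout.
---
Name: app-logout-across-devices
After: '#sessionmanager-logout-across-devices'
---
SilverStripe\Security\RememberLoginHash:
  logout_across_devices: true
```

Whatever the merged value ends up being, the issue notes that the single-session revoke path overrides it to false for the duration of the revoke request, so a project override affects ordinary logouts only, not revocation of one session from the session-manager UI.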
maxime-rainville commented 3 years ago

All done