We could change the behavior of "delete token" (which currently operates by targeting a unique audit ID) to instead revoke ALL of a user's tokens issued prior to the event (by instead targeting the user ID). That way we only store a single revocation event that we can simply update repeatedly (with a more recent timestamp).
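The difference between the two revocation models described above, as an added example that is not the project's own code. The class names, the token fields (`user_id`, `audit_id`, `issued_at`) and the sample tokens are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


class PerTokenRevocations:
    """Current behaviour: one stored event per revoked token (keyed by audit ID)."""
    def __init__(self):
        self.events = {}  # audit_id -> time of revocation

    def revoke(self, token, now):
        self.events[token["audit_id"]] = now

    def is_revoked(self, token):
        return token["audit_id"] in self.events


class PerUserRevocations:
    """Proposed behaviour: one event per user, updated in place with a newer timestamp."""
    def __init__(self):
        self.events = {}  # user_id -> cutoff; tokens issued before it are revoked

    def revoke(self, token, now):
        prev = self.events.get(token["user_id"])
        # Never move the cutoff backwards, or older tokens would become valid again.
        self.events[token["user_id"]] = now if prev is None else max(prev, now)

    def is_revoked(self, token):
        cutoff = self.events.get(token["user_id"])
        # "Issued prior to the event": a token issued at exactly the cutoff is not covered.
        return cutoff is not None and token["issued_at"] < cutoff


def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    def tok(user, audit, minute):
        return {"user_id": user, "audit_id": audit,
                "issued_at": t0 + timedelta(minutes=minute)}
    alice = [tok("alice", f"a{i}", i) for i in range(3)]
    bob = tok("bob", "b0", 1)
    per_token, per_user = PerTokenRevocations(), PerUserRevocations()
    for store in (per_token, per_user):
        store.revoke(alice[0], t0 + timedelta(minutes=10))
        store.revoke(alice[1], t0 + timedelta(minutes=15))
    alice_new = tok("alice", "a9", 20)  # issued after the last revocation
    tokens = alice + [alice_new, bob]
    return {"per_token_events": len(per_token.events),
            "per_user_events": len(per_user.events),
            "per_token_revoked": [per_token.is_revoked(t) for t in tokens],
            "per_user_revoked": [per_user.is_revoked(t) for t in tokens]}


if __name__ == "__main__":
    print(demo())
```

Under the per-user model the third token is revoked even though it was never targeted, which is the behaviour change the proposal trades for constant storage per user.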