
jaas.8x8.vc: Removed users can still have READ/WRITE access to the workspace via different API endpoints

High
8
8x8 Bounty
Submitted None

Team Summary

Official summary from 8x8 Bounty

@emperor observed an `Improper Access Control` issue specific to "removed" users & insufficient session revocation. When a user was deleted/removed from the workspace (but for some reason, she was logged in to JaaS & saved her session cookies), she could still perform certain actions on behalf of the workspace.

*PoC / Steps to reproduce*:

**Step 1**: Log in to your administrator account via https://jaas.8x8.vc/
**Step 2**: Click on "Invite teammates" and add a "user".
**Step 3**: View and accept the invitation received via email and set up your account.
**Step 4**: Now, from that account, perform any action to get a cookie.
**Step 5**: Now go to the main user account and remove this invited user.
**Step 6**: Observe that removed users can still have READ/WRITE access to the workspace.

The team applied a fix to the session management, which resolved the issue.
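
The following is an added illustration of the defect class and its remediation; it is hypothetical example code and is not JaaS/8x8 code or the fix the team actually shipped. The `AuthService`, `Workspace` and `Session` names are assumptions. It replays the report's steps against a vulnerable implementation (a valid session cookie alone grants workspace access) and a hardened one that both revokes the removed user's sessions and re-checks current membership on every request, so that access is denied even if the revocation step is ever missed.

```python
"""Session revocation on user removal (hypothetical example, not JaaS code)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    session_id: str
    user_id: str
    workspace_id: str
    role: str  # role captured at login; goes stale once the user is removed


@dataclass
class Workspace:
    workspace_id: str
    members: dict = field(default_factory=dict)  # user_id -> role


class AuthService:
    def __init__(self):
        self.workspaces = {}  # workspace_id -> Workspace
        self.sessions = {}    # session_id -> Session

    def add_member(self, workspace_id, user_id, role):
        ws = self.workspaces.setdefault(workspace_id, Workspace(workspace_id))
        ws.members[user_id] = role

    def login(self, user_id, workspace_id):
        """Issues a session cookie value for a current member (Step 4 of the PoC)."""
        ws = self.workspaces.get(workspace_id)
        if ws is None or user_id not in ws.members:
            raise PermissionError("not a member of this workspace")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(sid, user_id, workspace_id, ws.members[user_id])
        return sid

    def remove_member_vulnerable(self, workspace_id, user_id):
        # Vulnerable: membership is dropped, but live sessions are left untouched.
        self.workspaces[workspace_id].members.pop(user_id, None)

    def remove_member(self, workspace_id, user_id):
        # Fix 1: drop membership AND revoke every session the user holds for it.
        self.workspaces[workspace_id].members.pop(user_id, None)
        stale = [s.session_id for s in self.sessions.values()
                 if s.user_id == user_id and s.workspace_id == workspace_id]
        for sid in stale:
            del self.sessions[sid]

    def authorize_session_only(self, sid, workspace_id):
        # Vulnerable: a valid cookie for this workspace is taken as proof of access.
        s = self.sessions.get(sid)
        return s is not None and s.workspace_id == workspace_id

    def authorize(self, sid, workspace_id):
        # Fix 2 (defense in depth): re-validate current membership on each request,
        # so a session that survived a missed revocation still cannot act.
        s = self.sessions.get(sid)
        if s is None or s.workspace_id != workspace_id:
            return False
        ws = self.workspaces.get(workspace_id)
        return ws is not None and s.user_id in ws.members


def _seed(svc):
    # Constructed sample data standing in for Steps 1-3 (admin invites a user).
    svc.add_member("ws1", "admin", "owner")
    svc.add_member("ws1", "invitee", "member")
    return svc.login("invitee", "ws1")  # Step 4: the invitee obtains a cookie


def demo():
    """Returns (vulnerable_still_allowed, fixed_allowed, missed_revocation_allowed)."""
    vuln = AuthService()
    sid = _seed(vuln)
    vuln.remove_member_vulnerable("ws1", "invitee")      # Step 5
    still_allowed = vuln.authorize_session_only(sid, "ws1")  # Step 6: True is the bug

    fixed = AuthService()
    sid2 = _seed(fixed)
    fixed.remove_member("ws1", "invitee")                # sessions revoked
    fixed_allowed = fixed.authorize(sid2, "ws1")         # False

    mixed = AuthService()
    sid3 = _seed(mixed)
    mixed.remove_member_vulnerable("ws1", "invitee")     # revocation forgotten
    missed_allowed = mixed.authorize(sid3, "ws1")        # still False: membership re-check

    return still_allowed, fixed_allowed, missed_allowed


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

For detection, the same membership re-check is the place to log: any request arriving with a session whose user is no longer a member of the target workspace is a concrete signal that revocation was skipped somewhere and is worth alerting on.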

Reported by emperor

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Improper Access Control - Generic