Crowd Data Center / CWD-3598

Existing tokens are inconsistent after user rename


Details

    • Bug
    • Resolution: Fixed
    • Low
    • 2.7
    • 2.7
    • None
    • None

    Description

      If a user is renamed in Crowd, his sessions are not terminated, but remain associated with the previous username. This causes a broken link in the 'User sessions' table in Crowd (because the link points to the old username), and it is likely to cause problems for any application that has a valid token and tries to retrieve the user details from the token. More precisely, after a user is renamed:

      • The token still exists in cwd_token, but with the old username.
      • An application that requests to validate the token (POST /session/xxx) gets a successful validation (HTTP 200), but the response contains a link to the old username.
      • An application that requests the user details from a token (GET /session/xxx) gets an error (HTTP 400) and the following response: <error><reason>INVALID_SSO_TOKEN</reason><message>User <alice3> does not exist</message></error>
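
The inconsistency described above, reproduced in a toy in-memory model. This is an added example, not Crowd's code and not the fix that was shipped. The class and method names, the sample token, the 404 status for an unknown token and the revoke-on-rename remediation are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SessionStore:
    """Toy model: each session token stores the username by value."""
    users: set = field(default_factory=set)
    tokens: dict = field(default_factory=dict)    # token -> username at login

    def login(self, username, token):
        if username not in self.users:
            raise KeyError(username)
        self.tokens[token] = username

    def validate(self, token):
        """Models POST /session/<token>: only checks that the token exists."""
        if token not in self.tokens:
            return 404, None                      # status is this model's choice
        return 200, self.tokens[token]            # may name a user that is gone

    def get_user(self, token):
        """Models GET /session/<token>: resolves the stored username."""
        status, name = self.validate(token)
        if status != 200:
            return status, None
        if name not in self.users:
            return 400, f"User <{name}> does not exist"
        return 200, name

    def rename_buggy(self, old, new):
        # Reported behaviour: the user record changes, the tokens do not.
        self.users.remove(old)
        self.users.add(new)

    def rename_revoking(self, old, new):
        # Assumed remediation: end the renamed user's sessions.
        self.rename_buggy(old, new)
        self.tokens = {t: u for t, u in self.tokens.items() if u != old}

    def orphaned_tokens(self):
        """Consistency check: tokens whose username no longer resolves."""
        return sorted(t for t, u in self.tokens.items() if u not in self.users)

def demo(rename):
    store = SessionStore(users={"alice3"})        # constructed sample data
    store.login("alice3", "tok-1")
    getattr(store, rename)("alice3", "alice4")
    return store.validate("tok-1")[0], store.get_user("tok-1")[0], store.orphaned_tokens()
```

`demo("rename_buggy")` shows the split result from the report (validation succeeds, user lookup fails), and `orphaned_tokens()` is the kind of check that would flag the leftover sessions.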


            People

              dberrueta Diego Berrueta