Leave clearing the session to SessionAuthenticationStrategy

Clearing the session is out of scope for the AuthenticationGuardBundle. Somenone who wants to clear the session should implement a SessionAuthenticationStrategy of his own, inject the TokenSotorageInterface from the service configuration and in the onAuthentication method clear the session when both $oldToken and $newToken are instanceof UsernamePasswordToken and usernames of both tokens are different.