refactor: ensure bad consent sessions and identifiers are deleted (#3241)

internal/storage/migrations/V0005.ConsentSubjectNULL.mysql.up.sql

@@ -1,3 +1,5 @@
+DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'));
+DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect');
 ALTER TABLE oauth2_consent_session MODIFY subject CHAR(36) NULL DEFAULT NULL;
 ALTER TABLE oauth2_consent_session
     DROP FOREIGN KEY oauth2_consent_subject_fkey,

internal/storage/migrations/V0005.ConsentSubjectNULL.postgres.up.sql

@@ -1,3 +1,5 @@
+DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'));
+DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect');
 ALTER TABLE oauth2_consent_session ALTER COLUMN subject DROP NOT NULL;
 ALTER TABLE oauth2_consent_session ALTER COLUMN subject SET DEFAULT NULL;
 ALTER TABLE oauth2_consent_session RENAME CONSTRAINT oauth2_consent_subject_fkey TO oauth2_consent_session_subject_fkey;

internal/storage/migrations/V0005.ConsentSubjectNULL.sqlite.up.sql

@@ -2,6 +2,9 @@ PRAGMA foreign_keys=off;
 
 BEGIN TRANSACTION;
 
+DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'));
+DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect');
+
 ALTER TABLE oauth2_consent_session RENAME TO _bkp_UP_V0005_oauth2_consent_session;
 
 CREATE TABLE IF NOT EXISTS oauth2_consent_session (