Related to the feature requested in JENKINS-56397, as an administrator, I want a unified method to revoke API tokens, SSH keys, and potentially other sensitive user properties. This can be used to help clear out configuration data that may be otherwise used as alternative authentication mechanisms if the user is disabled but not deleted.

Note that the user configuration page already exposes the ability to revoke all their sessions as well as API tokens, though a simpler approach for admin use will help expand on the idea without adding more things to click.