Cleaning up relations

[alesstimec]

When we destroy/remove resources via JIMM we do not clean up OpenFGA relations. In our staging JIMM we currently have a number of stale relations referring to resources that no longer exist.

[kian99]

I noticed this recently when testing JIMM with Terraform. I think there's 2 issues.

1. There's a relevant comment about this in internal/jimm/model.go

// NOTE (alesstimec) If we remove OpenFGA relation now, the user
// will no longer be authorised to check for model status (which
// will show the model as dying for a bit, until the Juju controller
// completes the model destuction).

We need to add some logic to the watcher code where we do the final cleanup of a model in the DB to also delete OpenFGA tuples.

2. Additionally, we need to think about removing all relations to the destroyed resource not just for the owner.

This applies to models, application offers, etc.

[alesstimec]

We could also just have a worker that lists all relations, tries to parse all tags, if we cannot parse a tag (usually because we cannot fetch the corresponding resource data from the db) we remove the relation..