JumpCloud: remove user when they leave

[LuD1161]

Goal:
Ensure the user no longer occupies a paid JumpCloud license or directory seat and is fully deprovisioned from managed systems and groups.

Tasks:

• Research JumpCloud user lifecycle and licensing rules (assigned vs unassigned, device-bound vs directory users).
• Identify JumpCloud API(s) to deactivate and delete user accounts.
• Input: jc_username, email, or user_id.
• Steps: resolve user → deactivate → remove from groups and systems → revoke API keys/sessions → delete user record.
• Verify JumpCloud admin console reflects released license/seat.
• Emit audit JSON (groups removed, device unlinked, deactivation time, final user status).

Acceptance:

• Dry-run supported (simulate API calls).
• Idempotent (safe to run multiple times).
• Unit tests with mocked JumpCloud API.