
store_location_for should not store omniauth redirects #5813

@jclusso

Description


When a user is not active_for_authentication?, the Warden callback triggers warden.logout(scope). If the user was signing in via Google with OmniAuth, store_location_for may have already persisted a redirect, which can overwrite the intended redirect path.

This can also result in a CSRF error on the next sign-in attempt, since the app tries to follow that stale redirect.

I ran into this due to additional Warden hooks that also call logout. I’m not sure all the scenarios where this applies, but I’m happy to open a PR if there’s a recommended fix.
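The following is an added illustration of the interaction described above, not code from Devise, Warden or the issue author. It models the session "return to" slot with a plain hash, uses Devise's `"<scope>_return_to"` key convention, and assumes an OmniAuth mount point of `/users/auth` (an assumption for this example). The naive store shows how a callback URL persisted during a logout hook clobbers the location the user actually wanted; the guarded store skips any path under the OmniAuth mount, so the next sign-in never tries to re-enter a callback with a stale `state`.

```ruby
# Added example (not Devise's code): how a stored "return to" location can be
# overwritten by an OmniAuth callback path, and a guard that refuses to store
# such paths. The "/users/auth" mount point is an assumption for illustration.
require 'uri'

OMNIAUTH_PATH_PREFIX = "/users/auth".freeze # assumed OmniAuth mount point

# Naive store: mirrors the behaviour the issue describes. Whatever path the
# failure handling sees gets written, including a provider callback URL.
def store_location_naive(session, scope, location)
  session["#{scope}_return_to"] = location
end

# True for the OmniAuth mount path itself or anything beneath it, false for
# look-alike prefixes such as "/users/authors".
def omniauth_path?(location)
  path = URI.parse(location).path.to_s
  path == OMNIAUTH_PATH_PREFIX || path.start_with?(OMNIAUTH_PATH_PREFIX + "/")
end

# Guarded store: a callback URL carries a one-time state and is not a page
# the user asked for, so it is never a sensible redirect target. Leave any
# previously stored location untouched and return it unchanged.
def store_location_guarded(session, scope, location)
  return session["#{scope}_return_to"] if omniauth_path?(location)
  session["#{scope}_return_to"] = location
end

# Read-and-clear, following the stored_location_for convention.
def stored_location_for(session, scope)
  session.delete("#{scope}_return_to")
end

# Simulated sequence: the user wanted /dashboard, then an inactive account is
# logged out mid-callback and the failure path stores the callback URL
# (constructed sample paths; the code/state values are placeholders).
def simulate(store)
  session = {}
  store.call(session, :user, "/dashboard")
  store.call(session, :user, "/users/auth/google_oauth2/callback?code=abc&state=xyz")
  stored_location_for(session, :user)
end

if __FILE__ == $0
  puts "naive:   #{simulate(method(:store_location_naive))}"
  puts "guarded: #{simulate(method(:store_location_guarded))}"
end
```

In a real app the equivalent check belongs wherever the location is persisted (the failure app's store step or an override of the store helper), and should also consider non-GET requests and XHR, which are not redirect targets either.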
