Describe `access_token` param of `User.logout`

Add an explicit note that clients are not supposed to send the
`access_token` parameter, since it is extracted from request
headers.

lib/models/user.js

@@ -403,7 +403,10 @@ User.setup = function () {
           var tokenID = accessToken && accessToken.id;
 
           return tokenID;
-        }}
+        }, description:
+          'Do not supply this argument, it is automatically extracted ' +
+            'from request headers.'
+        }
       ],
       http: {verb: 'all'}
     }