perf(authZ): improve oidc session check (#8091)

# Which Problems Are Solved

Access token checks make sure that there have not been any termination
events (user locked, deactivated, signed out, ...) in the meantime. This
events were filtered based on the creation date of the last session
event, which might cause latency issues in the database.

# How the Problems Are Solved

- Changed the query to use `position` instead of `created_at`.
- removed `AwaitOpenTransactions`

# Additional Changes

Added the `position` field to the `ReadModel`.

# Additional Context

- relates to #8088
- part of #7639
- backport to 2.53.x

internal/eventstore/read_model.go

@@ -13,6 +13,7 @@ type ReadModel struct {
 	Events            []Event   `json:"-"`
 	ResourceOwner     string    `json:"-"`
 	InstanceID        string    `json:"-"`
+	Position          float64   `json:"-"`
 }
 
 // AppendEvents adds all the events to the read model.
@@ -43,6 +44,7 @@ func (rm *ReadModel) Reduce() error {
 	}
 	rm.ChangeDate = rm.Events[len(rm.Events)-1].CreatedAt()
 	rm.ProcessedSequence = rm.Events[len(rm.Events)-1].Sequence()
+	rm.Position = rm.Events[len(rm.Events)-1].Position()
 	// all events processed and not needed anymore
 	rm.Events = rm.Events[0:0]
 	return nil