Set the 'canDelete' field of external ids to be true if the external id
for the last login is null.
This is different from the old remote JSON service implementation, but it
seems reasonable because an external id should be deletable if the external
id is not a 'SCHEME_USERNAME' and it's not used to login.
And this change will make it much easier for us to test the get/delete
external ids REST API.
Change-Id: I0ab347bddf782b20a3be1826279df5a1ba88c5df
a2ffc209a4