Why would you need Tailscale for revoking an access token in an unrelated service? Just kick the device out of the sessions list in Immich, or change your password if that's stored directly on the device