Allow users to opt-out of IP/UA based-hash

Currently, when a user event is tracked, their IP and User Agent are hashed with a salt that is rotated daily. This is still considered PII because users can still be identified until the end of the day, but under the UK’s statistical purposes exception, we are able to do this without requiring consent.

However, we are still required to allow users to opt-out:

As part of relying on this exception, you must provide the user or subscriber with clear and comprehensive information about the purpose, and a ‘simple and free’ means to object.

Obviously, this could be done by no longer tracking anything for such a user, but it would be better if we were able to set a flag so that their data could be anonymised immediately (i.e. use a random value instead of the hash so we no longer track sessions, but still track events). Ideally with some sort of flag in the resulting data so we can include/exclude that data in reporting.