Deleting a user does not delete its permission objects

When deleting a user, its permission objects (XWiki.XWikiRights Property user: Users: xwiki:XWiki.<USERNAME>) on pages for example, does not get deleted.

The link to the user profile is obviously broken, but if another user with the same name gets created again, the permissions are still in place and active, which could pose a security threat.

To reproduce:

• create test user (e.g. test)
• give user test view permissions on a page
• check with object editor for object called XWiki.XWikiRight
  • value of property Users:  xwiki:XWiki.test
• delete the user
• check with object editor again to see the same object still there
• re-create user with same username
• permissions still/again re-apply for this page
  • permissions get restored and are also visible via rights GUI