When a user is removed from an SPO site that they have synced, the synced data is not removed from the workstation. I hope it is self-evident that this is a poor security practice. There is now a health check to show OneDrive sync issues on a website that admins can look at daily (still no alerts available) but if a user stops OneDrive sync and doesn't delete the files, then no one knows the user can still access those files.
So in this use case, a client-side script would run on a scheduled basis to look at the sync status of each folder, and if there is no sync status or the sync shows failed with permission denied, the sync would be deleted and the offline files would be deleted.
Of course, if the OneDrive agent could be modified to do the same automatically, that would also solve this use case.