You need to setup a logouthook script. See the following article for a discussion and example script.
http://www.amsys.co.uk/2015/02/delete-keychains-logout/?nabe=6486817002487808:0
and
https://jamfnation.jamfsoftware.com/discussion.html?id=16983
I did have a concern about the fact that loginhooks run as root and therefore was worried about logouthooks as well, but it seems from the above article and comments that it does work fine for finding and deleting the users keychains rather than roots or other users keychains.
One thing I would change is the path used as the one given will only work for local home directories and not network home directories. Try the following version of the script.
#!/bin/sh
rm -Rf $HOME/Library/Keychains/*
exit 0
Obviously test this change before rolling it out to users. Remember there can be multiple keychains, there is the standard login.keychain but could also be metadata.keychain, Microsoft_Intermediate_Certificates and folder(s) which represent the Local Items keychain.