Task #2506

Authentication: Two factor authentication

Added by Radek Tomiška over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Radek Tomiška
Category:
Authentication / Authorization
Target version:
Start date:
10/01/2020
Due date:
% Done:

100%

Estimated time:
Owner:

Description

Provide a verification token during authentication: a one-time password verification code based on the Time-based One-time Password (TOTP) algorithm.


Related issues

- Related to IdStory Identity Manager - Task #1199: Token - add agenda (Closed, Radek Tomiška, 07/26/2018)
- Related to IdStory Identity Manager - Task #473: Public endpoints must bypass BE Authentication filters (Closed, Radek Tomiška, 06/01/2017)
- Related to IdStory Identity Manager - Defect #2761: SSO: Token expiration is thrown under SSO (expiration modal window is shown, but login is not possible because SSO) (Closed, Radek Tomiška, 04/16/2021)
- Related to IdStory Identity Manager - Defect #1572: Logon attempts exceeded with SSO (Closed, Radek Tomiška, 03/21/2019)

Actions #1

Updated by Radek Tomiška over 3 years ago

  • Status changed from New to In Progress
Actions #2

Updated by Radek Tomiška over 3 years ago

  • % Done changed from 0 to 20

PoC is available in branch https://github.com/bcvsolutions/CzechIdMng/tree/rtomiska/2506-authenticator:
- verification code is required for all now
- code verification is executed directly in LoginController. Code verification is based on time => no other third party server is called.

TODO:
- integrate mechanism to the right place (move logic from LoginController => AuthenticationManager) => include verification code in token.
- redirect to new page with verification code only after successful login (implement authentication filter to check verification code is given).
- generate and persist identity secret (Base32) - which entity will be used (IdmIdentity, IdmPassword, IdmProfile)?
- enable / disable two factor authentication - which entity will be used (IdmIdentity, IdmPassword, IdmProfile, IdmPasswordPolicy or global application setting)?

Actions #3

Updated by Radek Tomiška over 3 years ago

  • % Done changed from 20 to 50

Added:
- TwoFactorAuthenticationManager api created and mechanism moved to right place (but a lot of FIXME remain - authentication mechanism redesign is needed)
- identity secret (Base32) added to password entity (same as password - no audit, no return to ui except the init phase)
- enable / disable two factor authentication added to identity profile
- authentication token is not valid since two factor authentication succeeds

TODO:
- redirect to new page with verification code only after successful login (implement authentication filter to check verification code is given).
- notification (~sms) fallback + notification topic
- showLoading is stuck on verification code, when error occurs (e.g. token expires)
- remote user - disable too, when two factor authentication is enabled? Maybe this will fit with superAdminRole workaround, which is implemented now.
- mssql change script
- recovery-codes?
- token agenda => support to add "system" token (basic and remote user authentication will not be possible, when two factor authentication is enabled).
- must change password => before or after two factor authentication?
- login expiration - show two factor too in this modal dialog
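Worked example, added here and not CzechIdM code: a minimal RFC 6238 TOTP verifier in Python following the design described in the two updates above (identity secret persisted as Base32, code derived from the server's own clock so no third-party server is called, a small clock-skew window, constant-time comparison) plus a per-identity replay guard so a code that was already accepted cannot be submitted again within the skew window. The secret and timestamps are the RFC 6238 test vector, not values from the project.

```python
import base64
import hashlib
import hmac
import struct

# Constructed for this example: the RFC 6238 test secret "12345678901234567890", Base32-encoded
# the way the ticket stores the identity secret.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_base32_secret(secret_b32: str) -> bytes:
    """Decode the persisted Base32 secret; tolerate lowercase and missing '=' padding."""
    s = secret_b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = number of `step`-second intervals since the Unix epoch,
    so the server verifies from its own clock and calls no third-party service."""
    return hotp(decode_base32_secret(secret_b32), at_time // step, digits)

def verify_totp(secret_b32: str, code: str, at_time: int, step=30, digits=6, window=1):
    """Return the matched time step, or None. Accepts +-`window` steps of clock skew and
    compares in constant time so a wrong guess leaks nothing through timing."""
    if not (isinstance(code, str) and len(code) == digits and code.isdigit()):
        return None
    key, base = decode_base32_secret(secret_b32), at_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, base + delta, digits), code):
            return base + delta
    return None

class TotpReplayGuard:
    """Remember the last accepted step per identity so a code captured within the skew window
    cannot be submitted a second time (replay)."""
    def __init__(self):
        self._last_step = {}

    def check(self, identity: str, secret_b32: str, code: str, at_time: int) -> bool:
        step = verify_totp(secret_b32, code, at_time)
        if step is None or step <= self._last_step.get(identity, -1):
            return False
        self._last_step[identity] = step
        return True
```

In a real deployment the last accepted step would live next to the identity secret in persistent storage, not in process memory, so that it survives restarts and is shared across application nodes.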

Actions #4

Updated by Radek Tomiška over 3 years ago

  • Target version changed from 10.6.0 to 10.7.0
Actions #5

Updated by Radek Tomiška over 3 years ago

  • % Done changed from 50 to 70

Added:
- redirect to new page with verification code only after successful login (implement authentication filter to check verification code is given).
- showLoading is not stuck on verification code, when error occurs (e.g. token expires).
- sso requires two factor authentication too - after login by sso page with verification code is shown.
- basic authentication cannot be used with two factor authentication enabled => use "system" token.
- must change password is shown after successful authentication (login by username => two factor => must change password => two factor => user is logged).
- login expiration - two factor is shown in this modal dialog too.

TODO:
- notification (~sms) fallback + notification topic
- mssql change script
- test
- documentation
- token agenda => support to add "system" token (basic and remote user authentication will not be possible, when two factor authentication is enabled) - #1199

Actions #6

Updated by Radek Tomiška over 3 years ago

Actions #7

Updated by Radek Tomiška over 3 years ago

  • Related to Task #473: Public endpoints must bypass BE Authentication filters added
Actions #8

Updated by Radek Tomiška over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 70 to 90
Actions #9

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I did a review and tested many scenarios; this feature is very complex (especially the refactoring). Thanks for this awesome feature and the bug fixes.

Review notes:
- Update of ERD missing.

Actions #10

Updated by Radek Tomiška over 3 years ago

Thx for feedback, ERD diagram updated.

Actions #11

Updated by Radek Tomiška over 3 years ago

  • Status changed from Resolved to Closed
Actions #12

Updated by Radek Tomiška about 3 years ago

  • Related to Defect #2761: SSO: Token expiration is thrown under SSO (expiration modal window is shown, but login is not possible because SSO) added
Actions #13

Updated by Radek Tomiška about 3 years ago

  • Related to Defect #1572: Logon attempts exceeded with SSO added