[Design] Configurable MFA methods

[kchudy]

Each location can be configured to use Multiple MFA methods.

• External SSO will be available if business/enterprise license is activated & admin configures it
• TPM (hardware MFA) will be avaiable only for Enterprise license
• TOTP/Mobile biometry/Email is available always

Now in each location admin can configure:

• how many factors/steps will be used
• each step can be multiple (user selects which method) or single
• each step can choose from all available methods (internal/external)

[teon]

Internal MFA methods:

• TOTP (eg. Google Authenticator)
• Email (only if SMTP is enabled)
• Mobile Biometry (info for admin: user will need to configure mobile devices and enables Biometry) - idea/optional: we can add info how many users have this enabled or not
• TPM (Device Hardware Key) - only for Enterprise license (from 2.2)