…entation

…ethod accordingly

This change allows to exactly know when a ChorusUser is authenticated or not

… in `ChorusUser`

Remove option from the ChorusUser object field, since it makes the api a lot worse.

Tihs means we still call ChorusUser::shell a few times (mostly in logins, but also in one mfa route).

The ratelimiter should be refactored at some point to allow an instance send unauthenticated ratelimited requests

Locks entities/mfa_token.rs to the client feature.

This representation is purely client sided, for a server sided
mfa token, you'd likely only store the expiration timestamp and
give the JWT to be handled by the client.

…ests

- add Enable and Disable TOTP MFA routes
- add Enable and Disable SMS MFA routes

- Adds the MfaAuthenticator type
- Renames AuthenticatorType to MfaAuthenticationType - these are ways we can authenticate, not types of authenticators
- Adds MfaAuthenticatorType, removes the old ReadyAuthenticatorType which was just this type in the Ready payload
- Adds the get_webauthn_authenticators route

changes:
- Removed the weirdness with EnableTotpMfaReturn and EnableTotpMfaResponse. I've realized we have not reason to hide a received token from library users, as they'll probably want to save it somewhere as well.
- For the same reason, made disable_totp_mfa return the new token
- Updated documentation on several mfa types
- Renamed type MfaVerificationSchema to MfaChallenge
- Renamed field mfa on MfaRequiredSchema to mfa_challenge

- Added two aliases for ChorusUser::complete_mfa_challenge, MfaChallenge::complete and MfaVerifySchema::verify_mfa