Flask-Middleware / flask-security

Quick and simple security for Flask applications
MIT License

Two-factor simplification and improvements. #899

Closed jwag956 closed 6 months ago

jwag956 commented 6 months ago

Two-Factor setup. Prior to this release when setting up "SMS" the /tf-setup endpoint could be POSTed to w/o a phone number, and then another POST could be made to set the phone number. This has always been confusing and added complexity to the code. Now, if "SMS" is selected, the phone number must be supplied (which has always been supported). Other changes:

- The default two-factor-setup.html template now has a more generic `"Enter code to complete setup"` message.
- Make sure the `"disable"` option first.
- Adding any currently configured two-factor method on setup failure.
- The two_factor_verify template won't show the rescue form if it isn't set.
- A GET on /tf-validate now returns the two-factor-validate-form always - before, if the client was validating a new method, it would return the two-factor-setup-form.
- After successfully disabling two-factor the client is redirected to :py:data:`SECURITY_TWO_FACTOR_POST_SETUP_VIEW` rather than :py:data:`SECURITY_POST_LOGIN_VIEW`.

Also - make /us-setup/ a POST only endpoint. On /login and /us-signin - on GET reset any two factor session info (from a possible failed/interrupted 2fa setup).

codecov[bot] commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests.

Comparison is base (2e98833) 98.34% compared to head (97c048c) 98.34%.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##           master     #899   +/-   ##
=======================================
  Coverage   98.34%   98.34%
=======================================
  Files          34       34
  Lines        4480     4480
=======================================
  Hits         4406     4406
  Misses         74       74
```
