jeremyevans / rodauth

Ruby's Most Advanced Authentication Framework
http://rodauth.jeremyevans.net
MIT License

Handle deleted account when checking whether MFA is setup #390

Closed (janko closed 6 months ago)

janko commented 6 months ago

It's possible that an account is signed in but the record gets deleted in the database, especially in development where it's common to clear testing data. When #uses_two_factor_authentication? is called, it ends up calling #has_password?, which errors if the logged-in account record doesn't exist. I thought it would be nice if Rodauth gracefully handled that.

I also made two spec changes on the way: one was to use the PASSWORD_HASH_TABLE constant, the other was renaming the spec name to communicate that it's testing all MFA behavior.

jeremyevans commented 6 months ago

Thanks for the patch! I agree that this makes things nicer.