Implement admin tools for account recovery

[di]

To make it easier for PyPI admins & moderators to process account recovery requests, there are few things we can do to make it possible for any admin/moderator to handle these requests and make it self-service as much as possible.

• [ ] Exposing the functionality for disabling 2FA in the admin (including issuing User events) so this doesn't require prod DB access
• [ ] Codify the initial process of sending an email to initiate the recovery process (as described here)
• [ ] Summarizing recent actions on the User account and their projects
• [ ] Summarizing download counts for the user's project to determine criticality
• [ ] Some link to allow the affected user to notify admins that the initial steps have been completed
• [ ] Take into account critical projects & maintainers, possibly requiring admin intervention in these cases.
• [ ] Notify co-maintainers, publish an event (possibly publicly)

Regardless of improvements, we'll still require that a human in the loop does the final review before resetting access to the account. We'll also need to handle edge cases where a project doesn't have a public source repository.

Open questions:

• Keep the original requests in the GitHub tracker? This helps with associating w/ a GitHub account, but strongly ties us to GitHub
  • Possibly explore generating these in PyPI based on a GitHub action in that repository
• Possibly: drop all roles that aren't sole owner, notify co-maintainers that they will need to vet and re-add?
• How do we establish & document a shared understanding of what requires further inspection
• Should we establish tiers? e.g. Tier 0: you have no projects. Tier 1: you have sole-owned projects that aren't widely used. Tier 2: you are co-maintainer on other projects. Tier 3: You are primary maintainer of a critical project.

ref: https://github.com/pypa/pypi-support/issues/796

[di]

After chatting with @ewdurbin: Two things that have the biggest impact:

• codifying the initial process of sending the email (with some human input to select the out-of-band URL used for proof of ownership)
• an admin button for disabling all 2FA, recovery codes for the user.

[woodruffw]

an admin button for disabling all 2FA, recovery codes for the user.

Doing this now.

[woodruffw]

• [ ] Notify co-maintainers, publish an event (possibly publicly)

Should this be another set of emails? If so, I can add it to https://github.com/pypi/warehouse/issues/13234.