[DO NOT MERGE] Basic two-factor auth example

[jakerella]

I am submitting this PR for an initial look at how I've implemented two-factor auth in this example project. The basic idea is to have the user submit their email/password, verify those and send them a code (sending to mobile not implemented yet), then have them enter the code for a second verification before login. Note that this also should disable the base User.login() method, but I'm not sure if I've accurately done so.

To login:

1. Execute slc run and go to http://localhost:3000
2. Click on "Request Code" next to any name
3. Look in your server console and get the code, then enter it in the dialog prompt
4. Click on "Login Now" next to the same user (the button text should change for you)

As I said, this is NOT READY TO MERGE, but I wanted to get a look at it as I will be writing up a blog post on enhanced authentication mechanisms and this is my POC for Loopback.

At some point we can try to flesh this feature out some more and integrate it with the actual example.

[jakerella]

ping @raymondfeng (and anyone else) for review...

[raymondfeng]

/cc @superkhau @ritch @bajtos

[bajtos]

@jakarella is this pull request still relevant?

[superkhau]

@bajtos @jakerella Is not with IBM anymore, going to close due to maintenance burden.