Auth: 2FA Authentication

[AkhileshNegi]

Describe the bug
The POST /users/ route currently accepts unauthenticated requests and create a new user. These accounts default to is_superuser=false (so they can’t do much), but there’s no check to confirm who’s making the request.

Expected behavior
Only authenticated users should be able to create a account in the platform and can be done using 2FA