[PS-589] Fix emergency contact takeover device verification and endpoints for its settings

[fedemkr]

Type of change

• Bug fix
• New feature development
• Tech debt (refactoring, code cleanup, dependency upgrades, etc)
• Build/deploy pipeline (DevOps)
• Other

Objective

Fix issue when emergency contact takes over the owner's account by disabling 2FA for new devices login (device verification). Also added endpoints for getting/putting device verification settings.

Code changes

• TwoFactorController.cs: Added endpoints for getting/updating device verification settings
• User.cs: Added UnknownDeviceVerificationEnabled property to check whether the user has the feature enabled.
• UserService.cs: Added CanEditDeviceVerificationSettings(...) to check whether the user is allowed to edit the device verification settings and refactored a bit Needs2FABecauseNewDeviceAsync to use the new method as well.
• EmergencyAccessService.cs: Disabled device verification from the grantor to fix the emergency contact takeover block issue.
• ClaimsExtensions.cs: Added this to check if the user has been logged in using SSO, i.e. if it has a claim "idp" with value "sso".
• Others: DB migrations and tests.

Before you submit

• I have checked for formatting errors (dotnet tool run dotnet-format --check) (required)
• If making database changes - I have also updated Entity Framework queries and/or migrations
• I have added unit tests where it makes sense to do so (encouraged but not required)
• This change requires a documentation update (notify the documentation team)
• This change has particular deployment requirements (notify the DevOps team)

[justindbaur]

Overall really great. I just think true would be a sane default to establish at the database level.

[justindbaur]

Looks great!