Adds handling for Auth0 one-time-code MFA factors at sign-in (fixes #1).
- Login pauses at the SMS / authenticator-app / email challenge and Home Assistant prompts for the code (new MFA step in the config flow); resumes once submitted. Covers fresh setup, reconfigure, and reauth.
- Push-notification, WebAuthn security-key, and voice factors surface an actionable error (approve in the MobileLink app, or switch to a code factor).
- Non-MFA login verified end-to-end against the live Auth0 tenant.
Fixes #1 (resume redirect malformed on accounts with SMS MFA).