Deprecate ui_only and migrate users to ui_and_gem_signin

[sonalkr132]

ui_only was added with our limited understanding of expected mfa levels. ui_and_gem_sigin better suits most usecases.
We should remove ui_only from all new mfa changes and show flash message to users with ui_only mfa to migrate to ui_and_gem_sign.
Perhaps at a later point, we should migrate ui_only users to ui_gem_signin automatically.

Is your feature request related to a problem?

ui_only level is not as safe as ui_and_gem_sigin.

Describe the solution you'd like

Remove ui_only level.

Additional context

#2500

[jenshenny]

#2994 adds a warning and redirects the user to the edit settings page if they have UI only enabled and is a MFA recommended user upon login. What do you think of removing the MFA recommended requirement and redirect + display a flash message for all accounts with UI only?

[sonalkr132]

What do you think of removing the MFA recommended requirement and redirect + display a flash message for all accounts with UI only?

Should be fine.

We should remove ui_only from all new mfa changes

We should also get this done sooner than later. More users who end up choosing ui_only, more users we have to migrate and annoy.

[sonalkr132]

Only item pending here is announcement that we will be migrating all ui_only to ui_and_gem_signin. A small blog post with whats being changed and why should do. After a month or so, we will migrate all ui_only to ui_and_gem_signin.

[jenshenny]

The blog post has been merged, a migration still needs to be created to run on Sept 22 to move users from ui_only to ui_and_gem_signin. I'll jump on this if no one else is interested :)

[jenshenny]

Adding an update for this. The rake task to migrate all the users on the UI_only to the UI_and_gem_signin level was run on Sept 22. Theoretically there should be no one of the UI only level anymore.

The last step to complete this migration would be to remove UI only from the code.