Audit log when MFA has been used (success and fail) #24

Closed
2 tasks done
brynwhyman opened this issue Mar 8, 2019 · 1 comment · Fixed by silverstripe/silverstripe-auditor#30

brynwhyman commented Mar 8, 2019

We need to have a full audit log of user activities. This is already the case for "logged in" as well as "failed login" events. But it doesn't specifically register this in the context of backup codes. We should provide event hooks for https://github.com/silverstripe/silverstripe-auditor to pick up (and implement those listeners in the auditlog module).

ACs

  • MFA activities are logged to a point that is useful from an auditing perspective
  • Logged in an access-restricted, append-only external logging service which is already part of CWP

Notes:

  • Initial list of MFA actions (may not be definitive):
      • Successful login, which method (including recovery codes)
      • Failed login, which method was attempted (including recovery codes)
      • Compounding failed attempts
      • Admin functions, like resetting backup codes, adding or removing registered methods
      • Skipped registration
  • This should cater for backend logs and db work. We'll handle any CMS views of this information in a separate issue.
