Platforms like GitHub allow users to create backup codes, which they can use to log into their account in case they lose access to their second factor (e.g. phone lost/damaged). Those codes can only be used once.
As reported by @mar1u5 in https://github.com/ChristophWurst/twofactor_totp/issues/27 it would be a nice enhancement if you could provide the same backup mechanism for any 2FA providers.
I have created a simple 2FA provider app that enables that exact functionality, see https://github.com/ChristophWurst/twofactor_backupcodes. It basically creates 10 codes that are hashed and stored to the db. Users are then able to solve the 2FA challenge of that provider once with each code. Users can re-generate backup codes at any time, which will also delete older backup codes.
To have a nice, integrated solution I'd like to propose the integration of this provider into the nextcloud server. The provider should always be enabled, regardless of whether users have 2FA enabled or not. This provider's challenge should only be used if at least one other 2FA provider is enabled for a user. The backup code provider should not be listed like other providers, but should be a link on the bottom next to the "Cancel log in" link. Something like "Use backup code".
cc @nextcloud/security
cc @LukasReschke @jancborchardt as discussed
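The generate/hash/consume/regenerate cycle described above, as an added Python example that is not the twofactor_backupcodes app's own PHP code; the in-memory dict stands in for the database table, and the code format and PBKDF2 parameters are assumptions:

```python
import hashlib
import hmac
import os
import secrets

CODE_COUNT = 10          # the issue proposes 10 codes per user
PBKDF2_ROUNDS = 10_000   # assumed; a real deployment would use a slower setting

# Stand-in for the db table: user -> list of (salt, hash) for unused codes.
# Plaintext codes are never stored; only the user sees them, once, at generation.
BackupCodeStore = dict


def _normalize(code: str) -> str:
    """Accept 'ab12-cd34-ef56' or 'AB12CD34EF56' as the same code."""
    return code.replace("-", "").replace(" ", "").lower()


def _hash_code(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", _normalize(code).encode(), salt, PBKDF2_ROUNDS)


def generate_backup_codes(store: dict, user: str) -> list:
    """Create fresh codes and store only their hashes; any older codes are dropped."""
    codes = []
    entries = []
    for _ in range(CODE_COUNT):
        raw = secrets.token_hex(6)                       # 12 hex chars of CSPRNG output
        code = "-".join(raw[i:i + 4] for i in (0, 4, 8))  # shown to the user as xxxx-xxxx-xxxx
        salt = os.urandom(16)
        entries.append((salt, _hash_code(code, salt)))
        codes.append(code)
    store[user] = entries  # replacing the list is what invalidates the previous set
    return codes


def verify_backup_code(store: dict, user: str, candidate: str) -> bool:
    """Solve the challenge with one code; a matching code is consumed on success."""
    entries = store.get(user, [])
    for i, (salt, digest) in enumerate(entries):
        if hmac.compare_digest(_hash_code(candidate, salt), digest):
            del entries[i]  # single use: the hash is deleted once it has been redeemed
            return True
    return False


def remaining_codes(store: dict, user: str) -> int:
    return len(store.get(user, []))


def backup_challenge_applies(enabled_providers) -> bool:
    """Per the proposal: offer 'Use backup code' only if another 2FA provider is enabled."""
    return any(p != "backup_codes" for p in enabled_providers)
```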
Sounds good!
We need to make sure to not add too many new sections in the personal settings for that. Actually it should be one single section for »Two-factor authentication« and everything should be in there.
I'd also vote for one single "Two-factor authentication" section where the user has all the two-factor plugins and an option for backup codes 😉