WIP: Password + Two Factor Authentication Support
This allows users to use a PBKDF2 + TOTP to login instead of email-based verification.
Patch is aimed to support SQL support for it; However there's no auth endpoint yet. Do note this is disabled by default. User is supposed to explicitly allow this after having the email validated.
Of course, if they enable this and then get rid of their email... They will be able to use all TMW services except password or TOTP code recovery.
(TOTP doesn't have to be mandatory, however; Would even be cool if you could just set a password and optionally enable 2FA... Oh well.)
PS. Required by MLAPIv2. Untested.