Conversation

@Asheboy Asheboy commented May 6, 2025

This allows for architectures where forcing all users of the collection to have 2fa enabled is not practical. This may be where both admins and frontend users are stored in the same collection, but only admin users require 2fa.

@GeorgeHulpoi (Owner) commented:

There are a few problems:

  • The forceTotp field is accessible to all users, including those with Role-Based Access Control. I believe this feature should be configurable through the plugin settings. Additionally, access to this new field should be customizable.

  • The tests are insufficient. The account.spec.ts file focuses mainly on what the current user can do with their own account. Most tests should cover multiple scenarios:

    • forceSetup is false and the user does not have TOTP set.
    • forceSetup is false and the user has TOTP set.
    • forceSetup is true and the user does not have TOTP set.
    • forceSetup is true and the user has TOTP set.

    For each case where forceSetup is false, you also need to add scenarios where forceSetup is enabled or disabled per user, and whether TOTP is set or unset.

  • The field lacks i18n translations for all supported languages.
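The two review points above (a per-user flag that must not be writable by ordinary users, and the forceSetup × TOTP-set test matrix) can be made concrete. The following is an added example written for this discussion, not code from the pull request or from the plugin itself. It assumes a Payload-style collection field with field-level `access` functions receiving `{ req, id }`, a `roles` array on the user, a `totpSecret` property that is present once a user has enrolled, and a plugin setting named `forceSetup`; all of those names are assumptions for illustration.

```typescript
// Added example, not the plugin's own code. Field shapes, `roles`,
// `totpSecret` and the access-function signature are assumptions
// modelled on Payload-style collection fields.

type Role = 'admin' | 'user'

interface User {
  id: string
  roles: Role[]
  forceTotp?: boolean   // assumed per-user override introduced by the PR
  totpSecret?: string   // assumed: present once the user has enrolled
}

interface AccessArgs {
  req: { user?: User }
  id?: string           // id of the document being read or updated
}

type AccessFn = (args: AccessArgs) => boolean

interface CheckboxField {
  name: string
  type: 'checkbox'
  defaultValue: boolean
  access: { read: AccessFn; update: AccessFn }
}

const isAdmin = (u?: User): boolean => !!u && u.roles.includes('admin')

// Weak form of the field: no field-level access, so anyone allowed to
// update the account document (usually the user editing their own
// account) can set or clear the flag, which is the reviewer's objection.
const forceTotpFieldWeak = {
  name: 'forceTotp',
  type: 'checkbox' as const,
  defaultValue: false,
}

// Hardened form: only admins may set or clear the flag; a user may read
// their own value (the UI needs it to show the setup prompt), admins may
// read anyone's. A real plugin would expose these callbacks in settings.
const forceTotpField: CheckboxField = {
  name: 'forceTotp',
  type: 'checkbox',
  defaultValue: false,
  access: {
    read: ({ req, id }) =>
      isAdmin(req.user) || (!!req.user && req.user.id === id),
    update: ({ req }) => isAdmin(req.user),
  },
}

interface PluginSettings {
  forceSetup: boolean   // assumed global setting
}

type Gate = 'pass' | 'setup-required' | 'verify-required'

// Enforcement decision: an enrolled user must always verify; otherwise
// enrolment is mandatory if the global forceSetup or the per-user flag
// is on. This is the logic the four (eight, with the per-user flag)
// scenarios in the review are meant to pin down.
function totpGate(user: User, settings: PluginSettings): Gate {
  if (user.totpSecret) return 'verify-required'
  const mustEnrol = settings.forceSetup || user.forceTotp === true
  return mustEnrol ? 'setup-required' : 'pass'
}

interface MatrixRow {
  forceSetup: boolean
  forceTotp: boolean
  enrolled: boolean
  gate: Gate
}

// Enumerates the full matrix so a spec file can assert every cell
// rather than only the current user's own account.
function gateMatrix(): MatrixRow[] {
  const rows: MatrixRow[] = []
  for (const forceSetup of [false, true]) {
    for (const forceTotp of [false, true]) {
      for (const enrolled of [false, true]) {
        const user: User = {
          id: 'u1',
          roles: ['user'],
          forceTotp,
          totpSecret: enrolled ? 'JBSWY3DPEHPK3PXP' : undefined, // constructed sample secret
        }
        rows.push({ forceSetup, forceTotp, enrolled, gate: totpGate(user, { forceSetup }) })
      }
    }
  }
  return rows
}
```

The access functions are what the spec should exercise from the perspective of a non-admin user updating their own document, since that is the path on which the unrestricted field is dangerous.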
