Test coverage seems low

[iandunn]

I ran an Xdebug report locally and the overall coverage was 34% before #427, and 23% after.

I'm not a coverage zealot, and don't think 100% is a reasonable, but 100% over the critical areas seems reasonable for a security plugin, especially before it becomes a canonical plugin or merges into Core.

sjinks/wp-two-factor-provider-webauthn has some e2e tests that might provide a head start. Adding more unit/integration tests would be nice too.

Using @codeCoverageIgnore on the untestable and low-severity areas would also help make it more obvious if everything that should be covered actually is.

Related: #467

[iandunn]

i didn't mean to close this with #469 , that just increased TOTP. I think it's worth examining the rest of the plugin as well (except U2F).

[iandunn]

It's not necessarily a priority for 0.8, though, unless y'all want it to be.

[iandunn]

Related #497