
[Web] Add forced 2FA setup and password update enforcement#7077

Open
FreddleSpl0it wants to merge 2 commits into staging from feat/force-tfa

Conversation

@FreddleSpl0it
Collaborator

Contribution Guidelines

What does this PR include?

Short Description

This PR adds two security and usability improvements to mailcow's authentication system:

  1. Force 2FA Setup and Password Update Enforcement: Admins can now enforce 2FA setup and password updates for users, domain admins, and other admins via new checkboxes in edit forms. When enabled, users must complete these actions before accessing any resources (including SOGo).

  2. Local QR Code Generation: Switched from external API (api.qrserver.com) to local BaconQrCode library for 2FA QR codes.

Key Changes

Force 2FA and Password Update:

  • Added force_tfa and force_pw_update attributes with UI checkboxes
  • Implemented modal-based enforcement during login
  • force_tfa flag persists permanently to re-enforce if TFA is removed
  • force_pw_update clears automatically after password change

Local QR Code Generation:

  • Replaced QRServerProvider with BaconQrCodeProvider
  • Added bacon/bacon-qr-code ^2.0 dependency
  • TOTP secrets no longer sent to external services

Affected Containers

  • php-fpm-mailcow

Did you run tests?

What did you test?

  • Login flow for all 3 user roles (admin, domainadmin, user)
  • Force TFA only, force password update only, and both combined
  • SOGo access blocking with pending actions
  • TFA flag persistence after setup
  • Temporarily disabled TFA handling
  • QR code generation with BaconQrCode

What were the final results? (Awaited, got)

  • Users are correctly enforced to set up 2FA or update passwords
  • Modals appear and work correctly
  • SOGo access blocked when pending actions exist
  • force_tfa persists, force_pw_update clears after update

Additional Notes

  • Updated directorytree/ldaprecord to v3.8.5 to fix composer.json/lock mismatch
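The flag semantics the PR describes (force_tfa persists and re-enforces whenever TFA is absent, force_pw_update clears after a password change, and every resource including SOGo stays blocked while an action is pending) are small enough to model in a few lines. The following PHP is an added illustration written for this page, not code from the PR or from mailcow; the `Account` class, `pendingActions()`, `resourceDecision()` and the `complete*`/`removeTfa()` helpers are assumed names, and the account values are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not mailcow's code. It models the enforcement rules the PR
// describes: force_tfa persists and re-enforces whenever TFA is missing,
// force_pw_update clears after a password change, and every resource (web UI
// and SOGo alike) is denied while any action is pending.
// Class and function names are assumptions made for this example.

final class Account
{
    public function __construct(
        public string $username,
        public bool $tfaEnabled,
        public bool $forceTfa,        // persists permanently once set by an admin
        public bool $forcePwUpdate,   // one-shot: cleared by completePasswordUpdate()
    ) {
    }
}

/** Actions the account must finish before it is served anything. */
function pendingActions(Account $a): array
{
    $pending = [];
    if ($a->forceTfa && !$a->tfaEnabled) {
        $pending[] = 'setup_tfa';
    }
    if ($a->forcePwUpdate) {
        $pending[] = 'update_password';
    }
    return $pending;
}

/** Single gate shared by the UI and the SOGo check: 'allow' or 'deny:<pending list>'. */
function resourceDecision(Account $a): string
{
    $pending = pendingActions($a);
    return $pending === [] ? 'allow' : 'deny:' . implode(',', $pending);
}

function completeTfaSetup(Account $a): void
{
    $a->tfaEnabled = true;
    // forceTfa is deliberately left set so that removing TFA later re-triggers setup.
}

function completePasswordUpdate(Account $a): void
{
    $a->forcePwUpdate = false;
}

function removeTfa(Account $a): void
{
    $a->tfaEnabled = false;
}

// Walk-through with a constructed account that has both flags set by an admin.
$u = new Account('alice@example.org', tfaEnabled: false, forceTfa: true, forcePwUpdate: true);

printf("login:           %s\n", resourceDecision($u));
completeTfaSetup($u);
printf("after TFA setup: %s\n", resourceDecision($u));
completePasswordUpdate($u);
printf("after pw update: %s\n", resourceDecision($u));
removeTfa($u);
printf("TFA removed:     %s\n", resourceDecision($u));
```

Run with `php enforce.php` (PHP 8.0 or newer, for constructor property promotion and named arguments). The walk-through denies access until both actions are done, allows it once they are, and denies again as soon as TFA is removed, because `forceTfa` was never cleared; that persistence is the property worth checking in any implementation, since clearing the flag on setup would let a user drop TFA and silently escape the policy.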
