Description
Is your feature request related to a problem? Please describe.
Since Nextcloud 14 2FA providers are stateful for enhanced security and performance. This means their enabled/disabled state per user is managed and persisted in the provider registry. Therefore providers can no longer dynamically decide if they should be enabled by the currently logging in user or not, which was possible up to Nextcloud 13.
Describe the solution you'd like
We could have a new IStatelessProvider interface where we move/copy over the legacy method IProvider::isTwoFactorEnabledForUser. On login, providers implementing this interface will be checked dynamically. Any failure to load will allow bypassing 2FA.
Describe alternatives you've considered
@rullzer proposed an alternative where providers can be made/tagged as "passive" and when their challenge page is shown the form is automatically submitted, where the provider can just let the user pass.
Additional context
n/a
Edit: We still have to make sure that if provider apps vanish, we don't let the users log in. Therefore we must have a table with active providers. And offer a command to remove providers from that table. If a user logs in and a stateless provider can't be found we lock down.
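As an added illustration (not Nextcloud's code, nor the issue author's), the following PHP sketches the login gate this proposal and its edit describe: stateful providers are trusted from the persisted active-provider table, IStatelessProvider implementations are asked isTwoFactorEnabledForUser at login time, and an active provider that cannot be loaded locks the login down instead of bypassing 2FA. TwoFactorGate, ProviderMissingException, the loader callable and the provider ids are assumed names for the example.

```php
<?php
declare(strict_types=1);
// Sketch of the proposal in this issue; the interfaces are illustrative, not Nextcloud's real API.
interface IProvider {
    public function getId(): string;
}
// IStatelessProvider as proposed above: carries the legacy isTwoFactorEnabledForUser check.
interface IStatelessProvider extends IProvider {
    public function isTwoFactorEnabledForUser(string $uid): bool;
}
final class ProviderMissingException extends \RuntimeException {}
final class TwoFactorGate {
    // $activeProviders: ids persisted in the "active providers" table for this user (assumed shape).
    // $loader: callable(string $id): ?IProvider, returning null if the provider app vanished.
    public function __construct(private array $activeProviders, private $loader) {}
    // True if the user must pass a 2FA challenge; throws (locks down) if an active provider cannot be loaded.
    public function requiresChallenge(string $uid): bool {
        $required = false;
        foreach ($this->activeProviders as $id) {
            $provider = ($this->loader)($id);
            if ($provider === null) {
                // Fail closed, as the edit demands: a vanished provider must not become a bypass.
                throw new ProviderMissingException("2FA provider '$id' is active but cannot be loaded; refusing login for '$uid'");
            }
            if ($provider instanceof IStatelessProvider) {
                // Stateless: the provider decides at login time (the pre-Nextcloud-14 behaviour).
                $required = $required || $provider->isTwoFactorEnabledForUser($uid);
            } else {
                // Stateful: presence in the active table is the persisted "enabled" state.
                $required = true;
            }
        }
        return $required;
    }
}

// Constructed demo: a stateless provider that only enforces 2FA for 'admin', plus an app that has vanished.
$adminOnly = new class implements IStatelessProvider {
    public function getId(): string { return 'admin_only'; }
    public function isTwoFactorEnabledForUser(string $uid): bool { return $uid === 'admin'; }
};
$loader = fn(string $id): ?IProvider => $id === 'admin_only' ? $adminOnly : null;
var_dump((new TwoFactorGate(['admin_only'], $loader))->requiresChallenge('alice'));
var_dump((new TwoFactorGate(['admin_only'], $loader))->requiresChallenge('admin'));
try {
    (new TwoFactorGate(['admin_only', 'removed_app'], $loader))->requiresChallenge('alice');
} catch (ProviderMissingException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```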