feat(auth): add TOTP 2FA setup and login verification

- add user twofa fields and migration

- add 2FA setup/enable/disable endpoints

- enforce OTP on login when 2FA enabled

- add web login OTP field and settings UI

app/auth/schemas.py

@@ -13,6 +13,7 @@ class RegisterRequest(BaseModel):
 class LoginRequest(BaseModel):
     email: EmailStr
     password: str = Field(min_length=8, max_length=128)
+    otp_code: str | None = Field(default=None, min_length=6, max_length=8)
 
 
 class RefreshTokenRequest(BaseModel):
@@ -56,6 +57,7 @@ class AuthUserResponse(BaseModel):
     bio: str | None = None
     avatar_url: str | None = None
     email_verified: bool
+    twofa_enabled: bool
     created_at: datetime
     updated_at: datetime
 
@@ -65,3 +67,12 @@ class SessionRead(BaseModel):
     created_at: datetime
     ip_address: str | None = None
     user_agent: str | None = None
+
+
+class TwoFactorSetupRead(BaseModel):
+    secret: str
+    otpauth_url: str
+
+
+class TwoFactorCodeRequest(BaseModel):
+    code: str = Field(min_length=6, max_length=8)