[pve-devel] [PATCH access-control + manager] tfa followup

[Wolfgang Bumiller]

This is a follow up to the previous series doing the following:
Convert the *ancient* user keys (from user.cfg) to new TFA keys
  when updating a user's tfa settings.
And support the ancient keys in the authentication code

Currently this causes a tfa & user config to be locked together
(so the lock fns are enforcing an order to avoid deadlocks).
We could *not* do that, but it *may* end up adding the old-old keys
twice... not really something that I'd expect to happen, but whatever,
support for these is most likely going to be dropped in PVE-8 anyway,
then the code handling this can also get dropped.

NOTE:
Since this is about backward support for old code from back when admins
needed to configure the user 2nd factors, the user facing side here is a
bit minimalistic: The old keys will not be visible in the TFA panel
until the user actually makes a change, since they come from different
sources...

BUT, since we're now adding recovery key support, the best option here
is for users to simply add a set of those, which will automatically pull
in the old keys into the new config.

On the pve-manager side: use the existing libjs-qrcode package