Add bin/auth list-factors and bin/auth strip to remove multi-factor auth
Summary:
Ref T4398. The major goals here is to let administrators strip auth factors in two cases:
- A user lost their phone and needs access restored to their account; or
- an install previously used an API-based factor like SMS, but want to stop supporting it (this isn't possible today).
Test Plan:
- Used bin/auth list-factors to show installed factors.
- Used bin/auth strip with various mixtures of flags to selectively choose and strip factors from accounts.
- Also ran bin/auth refresh to verify refreshing OAuth tokens works (small OAuth vs OAuth2 tweak).
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T4398
Differential Revision: https://secure.phabricator.com/D8909