Propose enforcing the use of SSH keys when using 2fa on gitlab.com

Problem

Support gets a good number of 2FA removal tickets. They start with an autoresponder that details how to recover/remove without our interaction, but often users don't have SSH keys to recover the backup codes. This requires support's direct intervention and lengthens the process.

Idea

On GitLab.com, we enforce the need to have an SSH key when using 2FA. This would ensure users are equipped to recover/remove 2FA without support's interaction.

The ask

I want to discuss this here and see if there are reasons why this might not be a good idea. Comments, ideas, etc. 😄

cc @gitlab-com/support/dotcom especially, as y'all deal with this in much greater quantities.