More granular control over disabling 2FA options
Parent issue: #15337 (moved)
- Allow disabling one U2F device but not others
- Allow disabling one U2F device but not authenticator-based 2fa
- Disabling authenticator-based 2fa should disable all U2F keys as well (debatable?)