
Add FIDO U2F device based two-factor authentication

Christoph Seitz requested to merge go2sh/gitlab-ce:add_u2f_2fa into master

Hello out there,

Since GitHub started to ship 2FA with FIDO U2F devices, I started to implement that for GitLab. First of all: I never coded any piece of Ruby or Rails before, so expect some errors. ;-)

For your information, I collected some of the docs/code I used:
https://fidoalliance.org/specifications/overview/
https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html
https://github.com/google/u2f-ref-code/blob/master/u2f-chrome-extension/u2f-api.js
https://github.com/castle/ruby-u2f/

For the protocol handling of U2F, Google's u2f-api.js code and the ruby-u2f gem are used; I added the glue code.

I moved all the 2FA-related things in the profile into a new page, where you can handle both 2FA options. In order to enable U2F 2FA you also need to enable a TOTP 2FA token. At the second login page you can choose (or not, depending on the browser) between those two options. Currently only Chrome/Chromium supports FIDO U2F.

I'm not a software security expert, so I don't know whether the Rails code or the gem code has holes. I'm hoping to get some early feedback from you.
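The server-side half of the U2F sign step that the glue code above has to get right, as an added example that is not part of this merge request, of GitLab, or of the ruby-u2f gem. It implements the checks from the FIDO U2F raw message format directly on Ruby's OpenSSL bindings so it runs without the gem, and simulates the token in-process with a P-256 key. `FakeU2fToken`, `U2fServer` and `Device` are hypothetical names; the appId is assumed to equal the page origin (the simple case, with no trusted-facets list), and the sample key handle and challenge are generated at run time.

```ruby
require 'openssl'
require 'json'
require 'base64'
require 'securerandom'

# Added example, not code from this merge request or from the ruby-u2f gem: server-side
# verification of a U2F sign response on plain OpenSSL. FakeU2fToken simulates the device.

def b64url_encode(bin)
  Base64.urlsafe_encode64(bin, padding: false) # u2f-api.js uses websafe base64 without padding
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str)
end

# Wrap the raw 65-byte point (0x04 || X || Y) as a SubjectPublicKeyInfo so OpenSSL can verify with it.
def ec_public_key(raw)
  group = OpenSSL::PKey::EC::Group.new('prime256v1')
  OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(raw, 2)) # raises unless the point is on the curve
  spki = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::ObjectId.new('id-ecPublicKey'),
                                 OpenSSL::ASN1::ObjectId.new('prime256v1')]),
    OpenSSL::ASN1::BitString.new(raw)
  ])
  OpenSSL::PKey::EC.new(spki.to_der)
end

# Simulated U2F token: one P-256 key pair bound to a random key handle, plus a usage counter.
class FakeU2fToken
  attr_reader :key_handle, :public_key_bytes

  def initialize
    @key = OpenSSL::PKey::EC.generate('prime256v1')
    @key_handle = SecureRandom.random_bytes(32)
    @public_key_bytes = @key.public_key.to_bn.to_s(2)
    @counter = 0
  end

  # Returns what u2f.sign() in u2f-api.js hands to the page: keyHandle, clientData and
  # signatureData, all websafe-base64. The keyword arguments exist only so the tests can
  # build deliberately bad responses (wrong origin, no user presence, rolled-back counter).
  def sign(app_id, challenge, origin: app_id, user_presence: 1, counter: nil)
    client_data = JSON.generate('typ' => 'navigator.id.getAssertion',
                                'challenge' => challenge, 'origin' => origin)
    prefix = [user_presence, counter || (@counter += 1)].pack('CN') # presence byte || BE counter
    signed = OpenSSL::Digest.digest('SHA256', app_id) + prefix + OpenSSL::Digest.digest('SHA256', client_data)
    signature = @key.sign(OpenSSL::Digest.new('SHA256'), signed) # DER-encoded ECDSA, as the raw format requires
    { 'keyHandle' => b64url_encode(@key_handle),
      'clientData' => b64url_encode(client_data),
      'signatureData' => b64url_encode(prefix + signature) }
  end
end

Device = Struct.new(:key_handle, :public_key, :counter) # what the relying party stores per registration

# Relying party side. The appId is treated as the origin (the simple case, no trusted-facets list).
class U2fServer
  def initialize(app_id)
    @app_id = app_id
    @devices = {}
  end

  def register(key_handle, public_key_bytes)
    @devices[key_handle] = Device.new(key_handle, public_key_bytes, 0)
  end

  def new_challenge
    @challenge = b64url_encode(SecureRandom.random_bytes(32))
  end

  # Returns [true, :ok] or [false, reason]. On success the challenge is consumed and the
  # stored counter advanced, so neither the response nor a cloned token can be replayed.
  def verify_authentication(response)
    device = @devices[b64url_decode(response['keyHandle'])]
    return [false, :unknown_key_handle] unless device
    client_data_raw = b64url_decode(response['clientData']).force_encoding('UTF-8')
    client_data = JSON.parse(client_data_raw)
    return [false, :wrong_type] unless client_data['typ'] == 'navigator.id.getAssertion'
    return [false, :challenge_mismatch] unless @challenge && client_data['challenge'] == @challenge
    return [false, :origin_mismatch] unless client_data['origin'] == @app_id
    sig_data = b64url_decode(response['signatureData'])
    return [false, :malformed] if sig_data.bytesize <= 5
    user_presence, counter = sig_data.unpack('CN')
    return [false, :no_user_presence] unless (user_presence & 0x01) == 1
    return [false, :counter_replay] unless counter > device.counter
    # Signature covers SHA256(appId) || presence || counter || SHA256(clientData)
    signed = OpenSSL::Digest.digest('SHA256', @app_id) + sig_data.byteslice(0, 5) +
             OpenSSL::Digest.digest('SHA256', client_data_raw)
    pub = ec_public_key(device.public_key)
    ok = pub.verify(OpenSSL::Digest.new('SHA256'), sig_data.byteslice(5..-1), signed) rescue false
    return [false, :bad_signature] unless ok
    device.counter = counter
    @challenge = nil
    [true, :ok]
  end
end
```

The checks that are easy to drop when wiring a gem into a Rails controller are the ones done before the signature is even looked at: that the `clientData` carries the challenge the server issued for this session and the origin the server expects, and that the counter strictly increases. Without the counter check a cloned token, or a captured response against a reissued challenge, is indistinguishable from the real device; without the origin check a phishing page on another origin can relay a valid assertion.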
