Require 2FA via authenticator to be set up before enabling U2F
Parent issue: #15337 (moved)
- Don't allow setting up U2F before a user sets up an authenticator application
- A user shouldn't lose access to their account if they lose their U2F key
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3905#note_11616033