Create a PAM module that enforce GitLab 2FA over GIT SSH
There's customer demand to add support for 2FA over the command (for example https://fortinet.com), including 2FA support on command line for SSH. We should prioritize self-managed.
Create a GitLab Pluggable Authentication Module (PAM) to enforce GitLab 2FA behaviour, this module should exchange info with GitLab API about the user and if the user is using 2FA should ask for the token and exchange with the GitLab API for validation
PAM are usually delivered as .SO (Dynamic Library Objects), and the are usually developed on C/C++ or Python, we can check what are the options nowadays maybe Golang is now even an option