Allow 2FA setup when password auth is disabled at group level

Proposal

#373718 (closed) is looking at disable password auth for Enterprise users tied to a group that chooses to disable it.

We should ensure that SSO/OAuth users are able to set up two-factor authentication if they previously had a password and the related feature is turned on (password authentication is disabled for the user).