Make OTP always be the last 2FA fallback

Summary

When OTP is enabled as a 2FA method alongside a passkey, the 2FA with a passkey user verification prompt is not given. Only OTP code verification is presented.

Expected Behaviour

Passkeys are the default 2FA method when at least 2FA option is enabled (OTP or second factor webauthn authenticators), with OTP as the fallback option.

Actual Behaviour

When both passkey and OTP are enabled for 2FA, only the OTP prompt is displayed.