Draft: Replace devise-two-factor auth with custom code

Igor Drozdov requested to merge id-replace-two-factor-auth-with-custom-code into master

What does this MR do and why?

devise-two-factor is a blocker to the Rails 7 upgrade. It relies on the attr_encrypted gem, which is not actively maintained and is not compatible with the native encryption newly introduced in Rails 7. Avoiding the devise-two-factor gem dependency lets us be more flexible and, for example, use a fork of attr_encrypted that supports Rails 7 (or create our own).

It makes sense to gradually replace the gem with custom code that simply uses the rotp gem. We don't need much more code for the custom implementation.

This merge request replaces devise :two_factor_authenticatable with devise :database_authenticatable and modifies our own Devise strategy to use ROTP for verifying OTP codes.

If we accept the approach this merge request is taking, then a follow-up to this issue will be replacing devise :two_factor_backupable with something like https://github.com/tinfoil/devise-two-factor/blob/main/lib/devise_two_factor/models/two_factor_backupable.rb. After that the gem can be removed (replaced with the rotp gem that is currently used as a nested dependency).
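The following is an added illustration of what the custom OTP verification inside a Devise strategy has to get right; it is not code from this merge request or from the devise-two-factor or rotp gems. To stay runnable without any gem installed it implements RFC 4226 HOTP / RFC 6238 TOTP on the Ruby stdlib (in the real strategy `ROTP::TOTP#verify` does this work), and the `verify` method, the `last_used_step` parameter and the `drift` window are assumed names chosen here. The two points a login strategy must preserve when it drops the gem are constant-time comparison of the code and refusing any timestep at or before the one last consumed, so a captured code cannot be replayed inside the drift window.

```ruby
require 'openssl'

# Added example (not from the MR): minimal TOTP verification with replay protection.
module TotpVerifier
  module_function

  BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

  # Decode an RFC 4648 base32 secret into raw bytes (OTP secrets are usually stored base32-encoded).
  def base32_decode(str)
    bits = str.upcase.delete('=').each_char.map do |c|
      idx = BASE32_ALPHABET.index(c) or raise ArgumentError, "invalid base32 char #{c.inspect}"
      idx.to_s(2).rjust(5, '0')
    end.join
    bits.scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
  end

  # RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
  def hotp(secret_bytes, counter, digits: 6)
    hmac = OpenSSL::HMAC.digest('SHA1', secret_bytes, [counter].pack('Q>'))
    offset = hmac.getbyte(hmac.bytesize - 1) & 0x0f
    code = hmac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
    (code % 10**digits).to_s.rjust(digits, '0')
  end

  # RFC 6238 TOTP: HOTP with the counter derived from Unix time divided by the step size.
  def totp(secret_bytes, at:, step: 30, digits: 6)
    hotp(secret_bytes, at.to_i / step, digits: digits)
  end

  # Compare two strings without leaking where they first differ.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Verify a submitted code the way a login strategy should:
  #   * reject anything that is not exactly `digits` decimal digits,
  #   * accept +/- `drift` timesteps to tolerate clock skew,
  #   * never accept a timestep at or before `last_used_step` (the value the caller
  #     persisted on the user after the previous successful login), which stops replay.
  # Returns the timestep consumed on success (store it as the new last_used_step), nil on failure.
  def verify(secret_bytes, code, at:, last_used_step: nil, drift: 1, step: 30, digits: 6)
    return nil unless code.is_a?(String) && code.match?(/\A\d{#{digits}}\z/)

    current = at.to_i / step
    ((current - drift)..(current + drift)).each do |ts|
      next if last_used_step && ts <= last_used_step

      return ts if secure_compare(hotp(secret_bytes, ts, digits: digits), code)
    end
    nil
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo using the RFC 6238 reference secret (ASCII "12345678901234567890").
  secret = TotpVerifier.base32_decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ')
  code = TotpVerifier.totp(secret, at: 59)
  used = TotpVerifier.verify(secret, code, at: 59)
  puts "first use consumed timestep #{used.inspect}"
  puts "replay accepted? #{!TotpVerifier.verify(secret, code, at: 59, last_used_step: used).nil?}"
end
```

In the Devise strategy the `last_used_step` value would live on the user record (devise-two-factor's `consumed_timestep` column serves this purpose) and must be written inside the same transaction that marks the login successful; a drift window without that persisted timestep turns every accepted code into a short-lived reusable credential.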

Edited by Igor Drozdov