MFA methods can only be registered in self-service flows, while superusers and user managers are able to delete existing MFA methods for other users.
I propose that superusers and user managers have the ability to perform administrative MFA method registration on behalf of other users. This MFA registration flow would be especially useful if passwordless authentication using passkeys is enabled in the future (see feature request #362). It would then be possible to create users who do not even know their random passwords. It would also enforce MFA from the first logon of new users.
This is a good idea.
We must check how complex this is (to implement and to maintain, e.g., in terms of duplicate code, etc.).
If the effort to implement it is low, we might put it on our backlog. It might make sense to implement it in the course of #362 (or after it has been implemented) to avoid duplicate work.
Two reasons to rather prioritize it lower are that 1. we are not aware of any customers (especially Pro users, where user management is more important) who follow such a procedure of predeploying MFA keys/passkeys and 2. most Pro customers with advanced identity management requirements disable local authentication and use SSO.