Allow admins to change the 2FA timeout

Summary

Currently, users have formTimeout seconds to fill the 2FA challenge

in Mail2F this can be overriden with mail2fTimeout. But this setting does not affect TOTP, WebAuthn, etc... which require significant user interaction too

Design proposition

Add a global sfLoginTimeout that applies to all 2F types (Main::SecondFactor):

$ott->timeout( $_[0]->{conf}->{sfLoginTimeout} || $_[0]->{conf}->{formTimeout} );