Allow 2FA modules to be loaded in customPlugins (#3039)
This fix adds a trigger in findEP: if the loaded module is a 2FA module, register it with the engine
I had to change loadPlugins to loadModule in the 2FA engine init to avoid a chicken-and-egg situation. As a consequence, a 2FA module cannot have other endpoints (such as afterSub, hooks, etc) but this is probably for the best since it avoids having plugins with too many features