feat(auth): implement TOTP two-factor authentication with enrollment and verification

Adds TOTP (Time-based One-Time Password) two-factor authentication support including:
- New TOTP service with secret generation, QR code provisioning, and code verification
- New auth endpoints for enrollment, verification, status, and backup code management
- New TOTP authentication method type and user methods for TOTP management
- Backup codes generation and verification for account recovery
- Updated OIDC endpoints with timezone-aware datetime handling and RFC-compliant responses
- Added "roles" scope support for OIDC userinfo and ID tokens
- New pyotp dependency for TOTP operations
- Comprehensive unit tests for TOTP service
2026-01-14 18:06:17 +10:30
parent 977abf66df
commit cfd79190ee
26 changed files with 2176 additions and 263 deletions
@@ -24,6 +24,7 @@ class AuthMethodType(str, Enum):
"""Authentication method types."""
PASSWORD = "password"
TOTP = "totp"
GOOGLE = "google"
GITHUB = "github"
MICROSOFT = "microsoft"
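Review bot: TOTP is added to AuthMethodType alongside PASSWORD, GOOGLE, GITHUB and MICROSOFT, which are all primary sign-in methods, but TOTP is a second factor and must never satisfy a login on its own; please add a comment on the `TOTP = "totp"` entry stating that it is second-factor only, and confirm that every consumer of AuthMethodType that enumerates "ways to log in" excludes it, otherwise a user with only a TOTP method recorded could be treated as fully authenticated.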
@@ -66,6 +67,13 @@ class AuditAction(str, Enum):
# Auth method actions
AUTH_METHOD_ADD = "auth.method.add"
AUTH_METHOD_REMOVE = "auth.method.remove"
TOTP_ENROLL_INITIATED = "totp.enroll.initiated"
TOTP_ENROLL_COMPLETED = "totp.enroll.completed"
TOTP_VERIFY_SUCCESS = "totp.verify.success"
TOTP_VERIFY_FAILED = "totp.verify.failed"
TOTP_DISABLED = "totp.disabled"
TOTP_BACKUP_CODE_USED = "totp.backup_code.used"
TOTP_BACKUP_CODES_REGENERATED = "totp.backup_codes.regenerated"
class OIDCGrantType(str, Enum):
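Review bot: the new audit actions cover TOTP_VERIFY_FAILED but there is no failed-attempt action for backup codes, so a guessing attempt against backup codes would leave no audit trail while the equivalent TOTP attempt does; add a TOTP_BACKUP_CODE_FAILED action next to `TOTP_BACKUP_CODE_USED = "totp.backup_code.used"` and emit it from the backup-code verification path. Minor style point: the string values mix singular and plural ("totp.backup_code.used" vs "totp.backup_codes.regenerated"), which makes log filtering on a common prefix awkward; pick one form.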