Bug 30842: 2FA - Allow at least one old TOTP

Bug 30842: 2FA - Allow at least one old TOTP

We allow one old token when we are setting the two-factor auth, we
should reuse the same settings when validation the authentication
itself.

Test plan:
Setup 2FA for your logged-in user
Logout/Login
Have a look at the code and wait for 30 sec before using it (< 1min
however)

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f6110ce4170ced8ba246e295cc547c9794566ef1)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>