[5.2] User: Allow MFA before password reset

[Hackwar]

Pull Request for Issue #43311, #39895, #29576.

Summary of Changes

When having MFA enabled for a user, you can't log out, can't force a password reset and can't setup MFA after first login.

Testing Instructions

1. Create a user and setup MFA for that user. Save the user.
2. For this new user, set the "Require password reset" flag.
3. Try to login from the frontend.
4. Setup a second user and have the user configuration enforce MFA for that usergroup.
5. Force the user to reset their password
6. Try to login from the frontend.
7. Setup a third user without MFA (remember to disable enforcing MFA in the user configuration again)
8. Force the user to reset their password
9. Login with the user and try to logout again

Actual result BEFORE applying this Pull Request

The user is stuck in a redirect loop or can't logout.

Expected result AFTER applying this Pull Request

1-3 The user gets shown the MFA captive view and can type in the required code. Afterwards the user is redirected to a page to update their password.
4-6 The user is redirected to setup MFA and then to reset their password.
7-9 The user is able to logout

Link to documentations

Please select:

• Documentation link for docs.joomla.org:

• No documentation changes for docs.joomla.org needed

• Pull Request link for manual.joomla.org:

• No documentation changes for manual.joomla.org needed

[bembelimen]

This needs to be moved to a new method and the old method needs a deprecation to be b/c