Stricter control on problematic state transitions
There are some corner cases in user state transitions that should be handled better:
- if we initialize encryption keys for a user with a new password, existing secondary authentication passwords (recovery, ASPs) must be cleared or we end up in a state where the user thinks the account is recoverable, but it isn't
- when the last 2FA token is cleared (otp or u2f), we must ensure that ASPs are cleared too
- probably others (modify the issue to add more)
Some of these things will require feedback on the actions taken to be returned in the response, to show the right UI to the user.
Edited by ale
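A sketch of the two transitions listed in the issue, with each one returning the side effects it performed so the caller can show the right UI. This is an added example, not the project's code: the `User` model, the function names and the action strings are all hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    # Hypothetical model; field names are assumptions, not the project's schema.
    has_encryption_keys: bool = False
    recovery_set: bool = False                      # recovery password configured
    asps: list = field(default_factory=list)        # application-specific passwords
    otp_enabled: bool = False
    u2f_tokens: list = field(default_factory=list)

    def has_2fa(self):
        return self.otp_enabled or bool(self.u2f_tokens)


def _clear_asps(user, actions):
    # Record the action only if something was actually removed.
    if user.asps:
        user.asps.clear()
        actions.append("asps_cleared")


def init_encryption_keys(user):
    """Initialize keys under a new password (key generation is out of scope).
    Existing recovery and ASP credentials are dropped so the account never
    looks recoverable when it is not."""
    actions = ["keys_initialized"]
    user.has_encryption_keys = True
    if user.recovery_set:
        user.recovery_set = False
        actions.append("recovery_cleared")
    _clear_asps(user, actions)
    return actions


def remove_2fa(user, kind, token_id=None):
    """Remove one 2FA method; if it was the last one, clear the ASPs too."""
    actions = []
    if kind == "otp" and user.otp_enabled:
        user.otp_enabled = False
        actions.append("otp_disabled")
    elif kind == "u2f" and token_id in user.u2f_tokens:
        user.u2f_tokens.remove(token_id)
        actions.append("u2f_removed")
    # Only a real removal that leaves no 2FA method triggers the ASP cleanup.
    if actions and not user.has_2fa():
        _clear_asps(user, actions)
    return actions
```

The returned list is what an API response would carry back to the UI, for example to tell the user that recovery must be set up again.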