If second_factor_confirmation is true, then administrators can confirm other administrators using a second factor. This is an alternative to clicking a URL from an email.
This should probably be moved to
AdminConfirmation that way we can be sure to have both workflow in the same place.
I think we’ve bypassing
guardian.ensure_can_grant_admin!(@target_user) with 2FA, which we don’t want to.