FEATURE: Use second factor for admin confirmation (PR #14293)

If second_factor_confirmation is true, then administrators can confirm other administrators using a second factor. This is an alternative to clicking a URL from an email.

GitHub

This should probably be moved to AdminConfirmation that way we can be sure to have both workflow in the same place.

I think we’ve bypassing guardian.ensure_can_grant_admin!(@target_user) with 2FA, which we don’t want to.