feat: add TOTP MFA functions

[AlexCuse]

• add OTP related arguments to login / session token login
• add new functions for OTP related server calls
• document new functions and note server version required

[AlexCuse]

@cainlevy I think this should be good to go - I am not including the AMR claim on the JS side since we aren't in great shape to verify. Seems similar to what we did with the session ID and some of the other custom claims.

[AlexCuse]

This has some tests that should be failing (otp needs to be string | undefined). Not sure why CI came up clean. Going to try and add tests over the next week and a half or so.

[AlexCuse]

@cainlevy mind another look at this? I got down a bit of a rabbit hole trying to update MSW and ran into issues trying to use typescript dependencies with jest. Decided to give up and came back to fix the credentials type and add some tests using the old version.