Allow users to validate their 2FA setup when its enabled

We currently just emit a code on user creation, but the user doesn't get to validate that the 2FA setup was done correctly by writing in an example code. It would be good to do that I think - even if the user gets it right, its a bit stressing if one hasn't done this several times already.

To make this happen, I think we should go for the refactoring in #167 first.