Create 2FA-related tables
Created by: flying-robot
The totp_secrets table exists to relate users to an encrypted TOTP secret key. Each user may have zero or one secret associated with their account.
The totp_recovery_codes table exists to relate users to a hashed TOTP recovery code. Each user may have zero or one recovery code associated with their account. If 2FA is enabled, a user will always have a recovery code, which is replaced upon usage and whenever 2FA is reconfigured.
The security_event_logs table exists to house security-related events, similar to the normal event_logs table, but without the strict (and short) time horizon. For example, this is where we would record that a user had disabled 2FA, or used their recovery code, etc. A user may have emitted zero or many events, depending on when the table is observed.
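As an added illustration of the three tables described above (example code written for this page, not the project's migration or its application code), the following Python script creates them in an in-memory SQLite database and exercises the lifecycle the description implies: enabling 2FA stores the secret and issues a recovery code, a submitted recovery code is checked against its stored hash in constant time and rotated on success, disabling 2FA removes both rows, and every step is appended to security_event_logs. The zero-or-one cardinality is enforced by a UNIQUE constraint on user_id rather than by application logic. Column names, the use of SQLite, scrypt as the recovery-code hash, and the treatment of the TOTP secret as an opaque ciphertext supplied by the caller are assumptions for the demo, not details from the page.

```python
"""Illustrative 2FA schema and lifecycle: example code, not the project's migration. Assumed:
column names, SQLite, scrypt for recovery-code hashing, a TOTP secret handed in already encrypted."""
import hashlib, hmac, os, secrets, sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT NOT NULL UNIQUE);
-- zero or one encrypted secret per user: UNIQUE(user_id) enforces the cardinality
CREATE TABLE totp_secrets (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL UNIQUE REFERENCES users(id) ON DELETE CASCADE,
    encrypted_secret BLOB NOT NULL
);
-- zero or one recovery code per user; only a salted hash is stored
CREATE TABLE totp_recovery_codes (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL UNIQUE REFERENCES users(id) ON DELETE CASCADE,
    salt BLOB NOT NULL,
    code_hash BLOB NOT NULL
);
-- append-only and kept indefinitely: zero or many rows per user
CREATE TABLE security_event_logs (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    event TEXT NOT NULL,
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
"""

def connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

def _hash_code(code, salt):
    # per-code salt; work factor sized for a demo, raise it for production
    return hashlib.scrypt(code.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def log_event(conn, user_id, event):
    conn.execute("INSERT INTO security_event_logs (user_id, event) VALUES (?, ?)", (user_id, event))

def _issue_recovery_code(conn, user_id):
    code, salt = secrets.token_hex(8), os.urandom(16)  # code is shown to the user once
    conn.execute("DELETE FROM totp_recovery_codes WHERE user_id = ?", (user_id,))
    conn.execute("INSERT INTO totp_recovery_codes (user_id, salt, code_hash) VALUES (?, ?, ?)",
                 (user_id, salt, _hash_code(code, salt)))
    return code

def enable_2fa(conn, user_id, encrypted_secret):
    """Store (or replace) the encrypted secret, rotate the recovery code, return the new code."""
    with conn:
        conn.execute("DELETE FROM totp_secrets WHERE user_id = ?", (user_id,))
        conn.execute("INSERT INTO totp_secrets (user_id, encrypted_secret) VALUES (?, ?)",
                     (user_id, encrypted_secret))
        code = _issue_recovery_code(conn, user_id)
        log_event(conn, user_id, "2fa_enabled")
    return code

def disable_2fa(conn, user_id):
    with conn:
        conn.execute("DELETE FROM totp_secrets WHERE user_id = ?", (user_id,))
        conn.execute("DELETE FROM totp_recovery_codes WHERE user_id = ?", (user_id,))
        log_event(conn, user_id, "2fa_disabled")

def use_recovery_code(conn, user_id, code):
    """Constant-time check; on success the code is consumed and its replacement returned."""
    row = conn.execute("SELECT salt, code_hash FROM totp_recovery_codes WHERE user_id = ?",
                       (user_id,)).fetchone()
    with conn:
        if row is None or not hmac.compare_digest(_hash_code(code, row[0]), row[1]):
            log_event(conn, user_id, "recovery_code_failed")
            return None
        new_code = _issue_recovery_code(conn, user_id)
        log_event(conn, user_id, "recovery_code_used")
    return new_code

def has_2fa(conn, user_id):
    return conn.execute("SELECT COUNT(*) FROM totp_secrets WHERE user_id = ?", (user_id,)).fetchone()[0] == 1

def second_secret_rejected(conn, user_id):
    """A second secret row for the same user must fail on UNIQUE(user_id)."""
    try:
        conn.execute("INSERT INTO totp_secrets (user_id, encrypted_secret) VALUES (?, ?)", (user_id, b"x"))
        return False
    except sqlite3.IntegrityError:
        return True
    finally:
        conn.rollback()

def recovery_invariant_holds(conn):
    # the stated rule: a user with 2FA enabled always has exactly one recovery code
    return conn.execute("SELECT COUNT(*) FROM totp_secrets s LEFT JOIN totp_recovery_codes r "
                        "ON r.user_id = s.user_id WHERE r.id IS NULL").fetchone()[0] == 0

def events(conn, user_id):
    return [r[0] for r in conn.execute(
        "SELECT event FROM security_event_logs WHERE user_id = ? ORDER BY id", (user_id,))]
```

Typical use: insert a user, call enable_2fa and hand the returned code to the user once, then call use_recovery_code when they present it; a successful use returns the replacement code and a failed attempt returns None, and both outcomes land in security_event_logs. Because the recovery code is rotated inside the same transaction that records its use, a crash between the two cannot leave a consumed code valid.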