authtok: add dedicated type for 2fa with single string
Currently the password type is used to send two-factor authentication
credentials entered in a single string to the backend, This is
unreliable and only works properly if password authentication is not
available for the user as well.
To support 2FA credentials in a single string better a new authtok type
Related to https://pagure.io/SSSD/sssd/issue/3264
Reviewed-by: Jakub Hrozek <firstname.lastname@example.org>