[feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion  for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions

internal/processing/account/move.go

@@ -25,6 +25,7 @@ import (
 	"slices"
 	"time"
 
+	"codeberg.org/gruf/go-byteutil"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
@@ -70,8 +71,8 @@ func (p *Processor) MoveSelf(
 	}
 
 	if err := bcrypt.CompareHashAndPassword(
-		[]byte(authed.User.EncryptedPassword),
-		[]byte(form.Password),
+		byteutil.S2B(authed.User.EncryptedPassword),
+		byteutil.S2B(form.Password),
 	); err != nil {
 		const text = "invalid password provided in Move request"
 		return gtserror.NewErrorBadRequest(errors.New(text), text)