Refactor Reauthenticate components to handle generic MFA challenges. #49680

Draft: wants to merge 9 commits into base joerger/unify-mfa-methods from joerger/refactor-reauthenticate
Conversation

@Joerger Joerger (Contributor) commented Dec 3, 2024

The overarching change in this PR is the ability of all Reauthenticate flows to handle generic MFA challenges (sso, webauthn, otp) rather than handling each type differently or not at all.

Changes:

  • Refactor useReauthenticate (used in the Reauthenticate components)
    • Return a submitWithMFA method instead of submitWithWebAuthn and submitWithOTP. SSO MFA will use submitWithMFA('sso').
    • Deprecate OnAuthenticated prop
    • Hold MFA challenge in state - prevents the current behavior of retrieving a new MFA challenge every time you open the component or switch between available options. We only need a fresh MFA challenge after the current challenge has been used up.
    • Use the updated MFA options from WebUI MFA types refactor #49678 to derive reauth and register options from the MFA challenge (held in state as above).
  • Update change/add device wizards according to useReauthenticate refactors.
  • Use useReauthenticate for change password wizard to get the same changes described above.
  • Update the createPrivilegeToken endpoint to accept a generic MFA response instead of TOTP or WebAuthn, so it will now support SSO MFA.

TODO (follow ups):

  • remove /e dependencies on OnAuthenticate, and remove it from useReauthenticate
  • (Optional) Instead of getting a privilege token before adding/deleting a device, just use the mfa response directly.
    • This is a piece of work which has been forgotten after being made possible with Let authenticated users issue register challenges #32271
    • Note to self: we will still need to get a privilege token if the user clicks the OTP register option, since it would cash in the MFA response for the QR code, and as a result the user would need to reauthenticate to switch to WebAuthn. Also, failure/cancel on the last step may need to go back to the initial reauth step.

Prerequisite for supporting SSO MFA in device management (add/delete), connection tester (discover), change password, and account recovery flows.

Depends on #49678, #49679
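The flow the description above lays out (one MFA challenge held in state and reused while the user switches between offered methods, a single submitWithMFA(method) entry point, options derived from the challenge, and a privilege token minted from a generic MFA response) can be modelled without React. The following is an added example, not code from this PR or from Teleport; every type, field and function name in it (MfaChallenge, AuthApi, Reauthenticator, makeFakeApi, the challenge and token shapes) is hypothetical, and the in-memory server it talks to is constructed for the example:

```typescript
// Added example (not Teleport code): a framework-free model of a reauthentication
// helper that holds one MFA challenge, derives the offered methods from it, and
// exposes a single submitWithMFA(method) entry point. All names are hypothetical.

export type MfaMethod = 'webauthn' | 'otp' | 'sso';

// Constructed challenge shape: each optional field marks a method the server accepts.
export interface MfaChallenge {
  id: string;
  webauthnChallenge?: string;              // opaque bytes for navigator.credentials.get()
  totpChallenge?: boolean;                 // server will accept a TOTP code
  ssoChallenge?: { redirectUrl: string };  // IdP round-trip for SSO MFA
}

// One generic response type in place of separate TOTP / WebAuthn bodies.
export interface MfaResponse {
  challengeId: string;
  method: MfaMethod;
  payload: string;
}

export interface PrivilegeToken {
  token: string;
  challengeId: string;
}

// Hypothetical server API used by the helper.
export interface AuthApi {
  createMfaChallenge(): Promise<MfaChallenge>;
  createPrivilegeToken(resp: MfaResponse): Promise<PrivilegeToken>;
}

// Reauth options come from the challenge itself, so the UI never offers a
// method the server did not actually issue a challenge for.
export function mfaOptionsFromChallenge(c: MfaChallenge): MfaMethod[] {
  const opts: MfaMethod[] = [];
  if (c.webauthnChallenge !== undefined) opts.push('webauthn');
  if (c.totpChallenge) opts.push('otp');
  if (c.ssoChallenge !== undefined) opts.push('sso');
  return opts;
}

export interface MfaInput {
  otpCode?: string;    // for 'otp'
  assertion?: string;  // serialized WebAuthn assertion for 'webauthn'
  ssoToken?: string;   // token handed back by the IdP redirect for 'sso'
}

export class Reauthenticator {
  private challenge: MfaChallenge | null = null;
  private consumed = false;

  constructor(private readonly api: AuthApi) {}

  // The held challenge is reused across option switches; a new one is fetched
  // only when none is held or the held one has already been sent to the server.
  async getChallenge(): Promise<MfaChallenge> {
    if (this.challenge === null || this.consumed) {
      this.challenge = await this.api.createMfaChallenge();
      this.consumed = false;
    }
    return this.challenge;
  }

  async submitWithMFA(method: MfaMethod, input: MfaInput): Promise<PrivilegeToken> {
    const c = await this.getChallenge();
    if (!mfaOptionsFromChallenge(c).includes(method)) {
      // Nothing was sent, so the challenge is not consumed: the user may pick another offered method.
      throw new Error(`method ${method} is not offered by challenge ${c.id}`);
    }
    let payload: string | undefined;
    switch (method) {
      case 'otp': payload = input.otpCode; break;
      case 'webauthn': payload = input.assertion; break;
      case 'sso': payload = input.ssoToken; break;
    }
    if (payload === undefined) {
      throw new Error(`missing input for ${method}`);
    }
    const resp: MfaResponse = { challengeId: c.id, method, payload };
    try {
      return await this.api.createPrivilegeToken(resp);
    } finally {
      // Accepted or rejected, the challenge has now been presented and must not
      // be replayed; the next submit fetches a fresh one.
      this.consumed = true;
    }
  }
}

// Constructed in-memory server: issues single-use challenges and counts how
// many were requested, so the reuse behaviour can be observed.
export function makeFakeApi(validOtp = '123456') {
  let issued = 0;
  const outstanding = new Set<string>();
  const api: AuthApi = {
    async createMfaChallenge() {
      issued += 1;
      const id = `chal-${issued}`;
      outstanding.add(id);
      return {
        id,
        webauthnChallenge: 'c29tZSBieXRlcw==',
        totpChallenge: true,
        ssoChallenge: { redirectUrl: 'https://idp.example/mfa' },
      };
    },
    async createPrivilegeToken(resp) {
      if (!outstanding.delete(resp.challengeId)) throw new Error('unknown or already-used challenge');
      if (resp.method === 'otp' && resp.payload !== validOtp) throw new Error('invalid OTP code');
      return { token: `priv-${resp.challengeId}`, challengeId: resp.challengeId };
    },
  };
  return { api, challengesIssued: () => issued };
}
```

The point worth checking against this model is the one the description makes about state: calling getChallenge() twice (as a user switching between tabs would) must not hit the server twice, while a rejected submission must still retire the challenge so a later attempt does not replay it.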

@Joerger Joerger force-pushed the joerger/refactor-reauthenticate branch from 9d5b285 to b4e63c1 Compare December 3, 2024 20:59
@Joerger Joerger force-pushed the joerger/unify-mfa-methods branch 3 times, most recently from e2afc8c to e53c97c Compare December 3, 2024 23:40