[keycloak-dev] Added password token for totp logins

Stian Thorgersen stian at redhat.com
Thu Aug 28 07:56:15 EDT 2014


In the past when authenticating a user with totp we used to include the username and password in plain-text in hidden input fields on the login-totp form. This was not good in case this html gets cached.

I've improved this by adding a password-token type credential. The flow now is:

1. User logs in with username and password
2. Password is verified; if valid, a password-token is generated (realm name, user id and timestamp encrypted with realm private key)
3. Redirect to login-totp, including password-token instead of password
4. User enters totp
5. Password token and totp are verified
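As an added illustration of steps 2 and 5 (example code, not Keycloak's own implementation): issuing a token that binds realm, user id and timestamp, and verifying it with a freshness window. It stands in an HMAC keyed with a constructed realm secret for the realm private key the post mentions, and the 5-minute lifetime and field names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TOKEN_MAX_AGE_S = 300  # assumed lifetime; the post does not state one


def issue_password_token(realm_key: bytes, realm: str, user_id: str,
                         now: Optional[int] = None) -> str:
    """Step 2: after the password check passes, bind realm, user and time into a signed token."""
    issued_at = int(time.time()) if now is None else now
    body = json.dumps({"realm": realm, "user": user_id, "iat": issued_at},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(realm_key, body, hashlib.sha256).digest()
    return f"{base64.urlsafe_b64encode(body).decode()}.{base64.urlsafe_b64encode(tag).decode()}"


def verify_password_token(realm_key: bytes, token: str, realm: str,
                          now: Optional[int] = None) -> Optional[str]:
    """Step 5: return the user id if the token is authentic, for this realm and fresh; else None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        # Check the MAC in constant time before trusting anything inside the body.
        expected = hmac.new(realm_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        payload = json.loads(body)
        if payload["realm"] != realm:
            return None  # token issued for a different realm
        age = (int(time.time()) if now is None else now) - int(payload["iat"])
        if not 0 <= age <= TOKEN_MAX_AGE_S:
            return None  # expired, or timestamp from the future
        return str(payload["user"])
    except (ValueError, KeyError, TypeError):
        return None  # malformed base64/JSON, missing fields, wrong shape


if __name__ == "__main__":
    key = b"constructed-realm-secret"  # constructed; a deployment would use the realm key
    tok = issue_password_token(key, "demo", "alice")
    print("redirect to login-totp with password_token=", tok)
    print("verified user:", verify_password_token(key, tok, "demo"))
```

Because the token carries only a signed realm/user/timestamp, a cached login-totp page no longer exposes the password, and an old or spliced token is rejected before the totp is even checked.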

