1. According to the spec, either we have a single challenge with
   a number of `signRequests`, or a number of `signRequests`, each with
   it's own challenge.

2. Previously, we had both these - per-request challenges, as well as a
   single extra challenge.

3. This commit changes this so that the per-request challenges are
   removed, leaving only a single challenge, as per the v1.1 U2F API.

4. The existing implementation didn't work in Firefox, because the
   Firefox (extension) implementation is less flexible with regard to
   the inputs.

5. Fix teaspoon specs.

6. References: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#h2_background

This reverts commit 13e37a3e.

Without this sane default you would get the following error when you
tried to instantiate a new MergeRequest object with no argument (i.e.
`new MergeRequest();`):

TypeError: undefined is not an object (evaluating 'this.opts.action')
Signed-off-by: NRémy Coutable <remy@rymai.me>

- We added a `current_user.two_factor_via_otp?` check to the view. When
  rendering the view via the teaspoon fixture, `current_user` is `nil`.

- Move the `authenticate_with_two_factor` method from
  `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
  where it should be.

- Move the `TwoFactorAuthsController`'s `new` action to `show`, since
  the page is not used to create a single "two factor auth" anymore. We
  can have a single 2FA authenticator app, along with any number of U2F
  devices, in any combination, so the page will be accessed after the
  first "two factor auth" is created.
- Add the `u2f` javascript library, which provides an API to the
  browser's U2F implementation.
- Add tests for the JS components

CHANGELOG item

This reverts commit 3e991230.

# Conflicts:
#	app/models/project.rb

Updated JS spec to include gl_form

Now it will work on any field inside that form, and it's easier to scope
new behavior, which is what we're adding next!