feat(routes-f): two-factor authentication setup endpoint #525

@davedumto

Overview

Implement app/api/routes-f/2fa/route.ts for enabling and managing two-factor authentication.

Scope

  • GET /api/routes-f/2fa/status — returns current 2FA status for authenticated user
  • POST /api/routes-f/2fa/setup — initiates TOTP setup, returns otpauth_uri and QR code data
  • POST /api/routes-f/2fa/verify — confirms setup with a valid TOTP code
  • DELETE /api/routes-f/2fa — disable 2FA (requires current TOTP code)

Acceptance Criteria

  • TOTP secret stored encrypted at rest (AES-256)
  • 5 backup codes generated on enable, returned once
  • Verify enforces a 30-second window ± 1 step
  • Route lives exclusively in app/api/routes-f/2fa/

Notes

Standalone — no dependency on other open issues.
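
An added example, not code from this issue or the project's repository: one way to meet the verify-window and encrypted-at-rest criteria using Node's built-in `crypto` module. The function names, the 6-digit HMAC-SHA1 code, the AES-256-GCM blob layout and the `lastUsedCounter` replay guard are assumptions the issue does not specify.

```typescript
import { createCipheriv, createDecipheriv, createHmac, randomBytes, timingSafeEqual } from "node:crypto";

const STEP_SECONDS = 30; // time step from the acceptance criteria
const DIGITS = 6;        // assumption: the issue does not state a code length

// RFC 6238 TOTP value (HMAC-SHA1) for one time-step counter.
function totpAt(secret: Buffer, counter: number): string {
  const msg = Buffer.alloc(8);
  msg.writeUInt32BE(Math.floor(counter / 0x100000000), 0);
  msg.writeUInt32BE(counter >>> 0, 4);
  const mac = createHmac("sha1", secret).update(msg).digest();
  const offset = mac.readUInt8(mac.length - 1) & 0x0f; // dynamic truncation
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return (bin % Math.pow(10, DIGITS)).toString().padStart(DIGITS, "0");
}

// Accepts the current step and one step either side. Returns the matched
// counter, or null. lastUsedCounter is an added replay guard (assumption, not
// in the issue): a step at or below it is refused.
function verifyTotp(secret: Buffer, code: string, nowMs: number, lastUsedCounter = -1): number | null {
  if (!/^\d{6}$/.test(code)) return null; // also keeps both buffers the same length
  const current = Math.floor(nowMs / 1000 / STEP_SECONDS);
  let matched: number | null = null;
  for (const c of [current - 1, current, current + 1]) {
    if (c < 0) continue;
    const same = timingSafeEqual(Buffer.from(totpAt(secret, c)), Buffer.from(code));
    if (same && c > lastUsedCounter) matched = c;
  }
  return matched;
}

// Secret at rest as iv(12) || tag(16) || ciphertext under AES-256-GCM
// (the issue says AES-256 only; the GCM mode is an assumption).
function sealSecret(secret: Buffer, key: Buffer): Buffer {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(secret), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Throws if the key is wrong or the stored blob was modified.
function openSecret(blob: Buffer, key: Buffer): Buffer {
  const decipher = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}
```

Persisting the counter returned by `verifyTotp` and passing it back as `lastUsedCounter` stops a code from being accepted twice inside the ±1 step window.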

Labels

  • Stellar Wave: Issues in the Stellar wave program
  • routes-f: Standalone API route in app/api/routes-f/
