bump, clean, and switch to using keycloak custom TOTP API

[costowell]

What

1. Bumps deps
   • Switch to using requirements.in requirements.txt pattern
   • Switch to using Flask-XCaptcha since Flask-ReCaptcha is old and incompat with Flask 3
2. Better error handling
   • If OTP code is invalid when confirming, the secret doesn't get erased
3. No more user impersonation (solves Fix TOTP settings #114)
   • Since we're using https://github.com/costowell/keycloak-totp-api/, we can register, unregister, etc. via keycloak API using any client that has the manage-totp role
4. Adds PR template
5. Adds Dockerfile

Why

1. Bumps deps
   • Yet another old ass flask app, its now in a little bit better shape
   • Side note: this is actually a nicely set up Flask app compared to others
2. Better error handling
   • Kind of annoying to have to add a new secret to your password manager if you missed it by a second
3. No more user impersonation
   • Using beautiful soup and filling the form is jank af
4. Adds PR template
   • Why not
5. Adds Dockerfile
   • Fuck S2I

Test Plan

1. Ran the happy path
   • Clicked 'Configure Two Factor'
   • Saved the secret in my password manager and input the code
     • It worked :D
   • Clicked 'Remove Two Factor'
     • It worked :D
2. Ran the less happy path
   • Clicked 'Configure Two Factor'
   • Input no code
     • It failed and told me I need to input a code
   • Input invalid code
     • It failed and told me the code was invalid

Env Vars

All RECAPTCHA_* become XCAPTCHA_*

Checklist

• Tested all changes locally