feat: add a new admin API to remove a specific 2nd factor credential

[supercairos]

This PR provide a way for an admin to remove a specific credential method.
For now, only 2nd factor methods are allowed (TOTP, Lookup Secrets, WebAuthn)
This endpoint can be used by support services to unlock a custom account in case they've lost they MFA device.

Following the discussion with issue #2505 i've decided to implement in the following way:
DELETE /admin/identities/{id}/credential/{type}
id: being the targeted user id
type: being one of the 2FA kratos supports (totp, lookup, webauthn)

Related issue(s)

#2505

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

I've moved the credentials config models found previously in the selfservice/strategy pkg to the identity package to be able to use them from the admin endpoints and to avoid some cyclic pkg inclusion

[aeneasr]

Very nice! Only a few nit picks :)

[codecov]

Codecov Report

Merging #2962 (b0b246f) into master (acf9261) will decrease coverage by 0.01%.
The diff coverage is 85.14%.

@@            Coverage Diff             @@
##           master    #2962      +/-   ##
==========================================
- Coverage   77.31%   77.30%   -0.01%     
==========================================
  Files         313      313              
  Lines       19454    19462       +8     
==========================================
+ Hits        15041    15046       +5     
- Misses       3254     3255       +1     
- Partials     1159     1161       +2     

Impacted Files	Coverage Δ
identity/handler.go	84.58% <75.40%> (-0.81%)	⬇️
identity/credentials_lookup.go	100.00% <100.00%> (ø)
identity/credentials_webauthn.go	100.00% <100.00%> (ø)
selfservice/strategy/lookup/login.go	76.47% <100.00%> (ø)
selfservice/strategy/lookup/settings.go	62.50% <100.00%> (ø)
selfservice/strategy/lookup/strategy.go	91.30% <100.00%> (ø)
selfservice/strategy/totp/login.go	80.39% <100.00%> (ø)
selfservice/strategy/totp/settings.go	61.48% <100.00%> (ø)
selfservice/strategy/totp/strategy.go	91.66% <100.00%> (ø)
selfservice/strategy/webauthn/login.go	62.50% <100.00%> (ø)
... and 9 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[supercairos]

Hi @aeneasr or @zepatrik any chance you had time to check this PR ? :)

[aeneasr]

Awesome, this is very neat! Also great tests! There's two things that need to be improved in the tests, but I think those changes should be doable in little time :) Once these are addressed, this is good to go to master!

[supercairos]

@aeneasr thanks for the review, I should have fixed all your raised concerns.

Let me know if it looks good :) 🙏

[aeneasr]

Great work!

[Linyhazel]

Hellooo the type is actually lookup_secret instead of lookup, maybe you can update the documentation :)