Deleting 2FA App requires 2FA App's code
Describe the bug
Unable to delete 2FA App (Google Authenticator) without 2FA app’s code
To Reproduce
Steps to reproduce the behavior:
- Go to Account > Security
- Enable 2FA and add Google Authenticator (or MS Authenticator etc)
Expected behavior
Be able to delete 2FA app without the code from that specific 2FA app. If you lose your phone for example…
Screenshots
N/A
Desktop (please complete the following information):
- OS: Windows
- Browser: Chrome
- Version: 78.0.3904.108
Smartphone (please complete the following information):
- Device: N/A
- OS: N/A
- Browser: N/A
- Version: N/A
Additional context
This can be found in user-security-totp-delete.controller.js > deleteDoubleAuthTotp: it calls the DoubleAuthTotpService.disable code before deleting; however, the API enforces 2FA id AND 2FA code for /me/accessRestriction/totp/{id}/disable, so it returns an error and does not proceed to DoubleAuthTotpService.delete.
This should be bypassed and go straight to DoubleAuthTotpService.delete.
I am happy to submit a pull request for this but would like to get some feedback first on the intended functionality and side effects of just skipping DoubleAuthTotpService.disable, as I’m not too familiar with this code/API.
The delete popup should also be altered to not require the 2FA code and instead have a confirm delete popup.
Issue Analytics
- Created 4 years ago
- Reactions: 3
- Comments: 22 (6 by maintainers)

Thanks everyone for your feedback.
Just wanted to let you know that this issue has been reported to the team and we will keep you posted once a patch is deployed.
Thanks, Antoine
One year later, still not fixed.