Django-mfa3

------------------

- Security fix: The admin login was not adapted, so it could be used to
bypass MFA. As a fix, django-mfa3 will now automatically patch `AdminSite`
so the admin login redirects to regular login. (CVE-2022-24857)
- Drop support for django 2.2
- Use a more efficient string encoding for FIDO2 messages

------------------

- Drop support for python 3.6, add support for python 3.10
- Drop support for django 3.1, add support for django 4.0
- No longer include MFA code in credentials for `user_login_failed`

------------------

- Add recovery codes. Check the example templates for references to
"recovery" to see what needs to be changed.
- Add new setting `MFA_METHODS` to change the set of enabled methods.

------------------

- Fix usage with custom User models that use a different username field
(thanks to Ashok Argent-Katwala)

------------------

- Security fix: Do not allow users to see the names of/delete other user's
keys (secrets were not leaked)

------------------

- Fix packaging: include .mo files