Add InteractionMode property to otp purpose during device authentication

[dkarkanas]

We need to differentiate between the 4-pin and biometric purposes during device registration.

Users completing the process in less than 30 seconds are encountering the error: Last token has not expired yet. Please wait a few seconds and try again.

[dkarkanas]

This fixes the brute force control for otp in device authentcation. The proper solution requires a SecurityStamp to UserDevice table, and use this stamp to the otp purpose

[cleftheris]

It is important to know that the only issue here is not consuming the otp after successful registration. This could be done by creating and maintaining a SecurityStamp on the device record itself that would force the otp to change after the device registration flow completes successfully. At the moment discriminating the purpose is good enough.

On a sidenote the bad request is triggered by a brute force control we have inplace so that for the same purpose we dont spam the sms gateway. It is implemented using a simple cache