fix(test): Migrate more Mocha integration tests to Jest PART 2

[vbudhram]

Because

• The auth-server integration tests are being migrated from Mocha to Jest for consistency with the rest of the monorepo
• Continuing the migration started in FXA-12622, this covers the remaining remote test suites

This pull request

• Adds 12 new Jest remote test spec files (*.in.spec.ts) covering: MFA/TOTP, password change, password forgot, recovery codes, recovery email (change, emails, resend code, verify), recovery key, recovery phone, security events, and TOTP
• Adds mailbox.ts helper in test/support/helpers/ for shared email verification utilities
• Total of ~4,200 lines of new test coverage migrated from Mocha to Jest

Issue

Closes: https://mozilla-hub.atlassian.net/browse/FXA-12623

Checklist

• My commit is GPG signed
• Tests pass locally (if applicable)
• Documentation updated (if applicable)
• RTL rendering verified (if UI changed)

Other Information

Continuation of: FXA-12622 (which migrated the first 24 Mocha integration tests to Jest)

Jest File	Mocha File(s)	Mocha Assertions	Jest Assertions	Delta	Parity
mfa_totp.in.spec.ts	mfa_totp_tests.js	11	11	0	Full
password_change.in.spec.ts	password_change_tests.js + password_change_jwt_tests.js	49	55	+6	Full
password_forgot.in.spec.ts	password_forgot_tests.js	22	22	0	Full
recovery_codes.in.spec.ts	recovery_code_tests.js	24	24	0	Full
recovery_email_change_email.in.spec.ts	recovery_email_change_email.js	77	77	0	Full
recovery_email_emails.in.spec.ts	recovery_email_emails.js	216	214	-2	Full
recovery_email_resend_code.in.spec.ts	recovery_email_resend_code_tests.js	15	15	0	Full
recovery_email_verify.in.spec.ts	recovery_email_verify_tests.js	7	8	+1	Full
recovery_key.in.spec.ts	recovery_key_tests.js	32	33	+1	Full
recovery_phone.in.spec.ts	recovery_phone_tests.js	28	32	+4	Full
security_events.in.spec.ts	security_events.js	16	16	0	Full
totp.in.spec.ts	totp_tests.js	56	56	0	Full
Totals		553	563	+10	Full

Notes on deltas

• password_change (+6): Jest consolidates password_change_jwt_tests.js into the same file. Jest also uses explicit fail() guards where Mocha used .then(assert.fail, ...) callback pattern, adding to the count. Added 1 previously
  missing expect(initialStatus.verified).toBe(true) check.
• recovery_email_emails (-2): Two remaining .catch(assert.fail) patterns in Mocha are implicit with await in Jest (no assertion needed — promise rejection throws automatically). All value-checking assertions now have parity. Added 4 previously missing assertions: client.authAt, requestVerifyEmail() response, sendUnblockCode() response, and second unblock code check.
• recovery_email_verify (+1): Jest adds an explicit fail() guard not present in Mocha.
• recovery_key (+1): Jest adds an explicit fail() guard in try/catch replacing Mocha's .then(assert.fail, ...) pattern.
• recovery_phone (+4): Jest uses explicit fail() guards in try/catch blocks where Mocha relied on implicit promise rejection handling.
• All 12 files have full semantic parity — every value-checking assertion in Mocha has an equivalent expect() in Jest.