Add OTP strategy #1141

Open
Torkan wants to merge 3 commits into team-alembic:main from Torkan:otp-strategy

@Torkan Torkan commented Mar 15, 2026

Adds a first-class OTP (one-time password) authentication strategy to AshAuthentication. Users receive a short code (e.g. "XKPTMH") via email/SMS instead of a magic link URL, then submit it along with their identity to sign in.

How it works: The strategy derives a deterministic JWT ID from (strategy_name, user_subject, otp_code) via SHA-256. During request, it generates a random code, creates a JWT with that deterministic JTI, stores it in the existing TokenResource, and sends the short code to the user. During sign-in, it recomputes the JTI from the submitted code and looks it up — no new tables, actions, or schema changes to TokenResource needed.

Key features:

  • Ambiguity-reduced default character set (excludes I/1, O/0, S/5, Z/2, etc.)
  • Case-insensitive matching by default (configurable)
  • Single-use codes by default (configurable)
  • Optional registration support via registration_enabled? (upsert-based, like magic link)
  • Pluggable generator module for custom code formats
  • Auto-generated request and sign-in actions

DSL example:

strategies do
  otp do
    identity_field :email
    sender MyApp.OtpSender
  end
end
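
The derivation and lookup described in the PR description above, as an added Elixir sketch that is not code from this pull request or from AshAuthentication. The module name, the length-prefixed field encoding, the 22-letter alphabet, the 6-character length, the expiry handling and the in-memory map standing in for TokenResource are all assumptions.

```elixir
defmodule OtpSketch do
  # Hypothetical module. Constructed alphabet: uppercase letters minus the
  # look-alikes the PR names (I, O, S, Z); the PR's real default set is not shown.
  @alphabet ~c"ABCDEFGHJKLMNPQRTUVWXY"
  @code_length 6

  # Deterministic JTI: SHA-256 over length-prefixed fields (an assumption), so
  # that ("ab", "c") and ("a", "bc") can never produce the same hash input.
  def jti(strategy, subject, code) do
    data =
      for field <- [to_string(strategy), subject, normalize(code)], into: <<>> do
        <<byte_size(field)::32, field::binary>>
      end

    :crypto.hash(:sha256, data) |> Base.encode16(case: :lower)
  end

  # Case-insensitive matching: both request and sign-in normalise before hashing.
  def normalize(code), do: code |> String.trim() |> String.upcase()

  # Draw each character from the CSPRNG, rejecting bytes that would bias the modulo.
  def generate_code do
    n = length(@alphabet)
    limit = 256 - rem(256, n)

    Stream.repeatedly(fn -> :binary.first(:crypto.strong_rand_bytes(1)) end)
    |> Stream.filter(&(&1 < limit))
    |> Stream.map(&Enum.at(@alphabet, rem(&1, n)))
    |> Enum.take(@code_length)
    |> List.to_string()
  end

  # Request: store only the JTI with its expiry; the short code goes to the sender.
  def request(store, strategy, subject, now, ttl_seconds \\ 600) do
    code = generate_code()
    {code, Map.put(store, jti(strategy, subject, code), now + ttl_seconds)}
  end

  # Sign-in: recompute the JTI, look it up, and remove it when found (single use).
  def sign_in(store, strategy, subject, submitted, now) do
    key = jti(strategy, subject, submitted)

    case Map.pop(store, key) do
      {expiry, rest} when is_integer(expiry) and expiry > now -> {:ok, rest}
      {_, rest} -> {:error, rest}
    end
  end
end
```

Because the subject is part of the hash input, a code issued to one identity does not match a lookup made under another, and a second `sign_in/5` call with the same code fails once the entry has been removed.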
