Add method to disable an individual provider #587

Merged
merged 2 commits into from
Sep 7, 2023
@iandunn iandunn commented Aug 31, 2023

What?

Adds a Two_Factor_Core::disable_provider_for_user() method.

Why?

This provides parity with the Two_Factor_Core::enable_provider_for_user() method. It's not currently used by Two Factor itself, but it allows plugins to disable an individual provider directly, rather than having to know the internals and update meta keys, etc.

One example use case for that is WordPress/wporg-two-factor#223 (review), where a custom front-end UI was developed in React, using REST API endpoints.

Fixes #585

Testing Instructions

  1. Enable a provider via wp-admin/profile.php and save
  2. Add the following code in an mu-plugin. Replace the name of the provider with one you enabled.
    add_action( 'init', function() {
        Two_Factor_Core::disable_provider_for_user( get_current_user_id(), 'Two_Factor_Dummy' );
    } );
  3. Refresh profile.php and see that the provider has been disabled. If another provider was enabled, it should now be set as the primary provider.

Changelog Entry

Added - New Two_Factor_Core::disable_provider_for_user() method provides parity with the Two_Factor_Core::enable_provider_for_user() method. It allows plugins to disable an individual provider directly, rather than having to know the internals and update meta keys, etc.

@iandunn iandunn self-assigned this Aug 31, 2023
@iandunn iandunn changed the title Disable provider Add method to disable an individual provider Aug 31, 2023
@jeffpaul jeffpaul added this to the 0.9.0 milestone Sep 1, 2023
Contributor

@pkevan pkevan left a comment

Do we want to add some kind of caps check here to avoid a user's provider being disabled just by values being arbitrarily passed?

Not sure if this is covered by any of the other functions used, but probably worth noting if they are.

@iandunn
Member Author

iandunn commented Sep 6, 2023

🤔 There shouldn't be any ways for a malicious user to pass arbitrary values. This function isn't called by anything in Two Factor right now, it only exists to make things easier for plugins.

The companion function is used in Two Factor, but in all of those cases it's called from a REST API handler, which have permission_callback functions defined (example).

I added a comment in e84e061 for clarity.

@iandunn iandunn merged commit 2b0d9bc into master Sep 7, 2023
2 checks passed
@kasparsd kasparsd mentioned this pull request Apr 23, 2024
@jeffpaul jeffpaul deleted the disable_provider branch May 8, 2024 20:43
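
The point raised in the review thread above, that `Two_Factor_Core::disable_provider_for_user()` performs no capability check and relies on its caller for authorization, sketched as a plugin REST endpoint. This is an added example, not code from the PR or the Two Factor plugin; the `myplugin/v1` route, the `myplugin_*` names and the treatment of a falsy return value as failure are assumptions.

```php
<?php
/**
 * Added example, not code from the Two Factor plugin.
 * The route namespace, path and myplugin_* names are hypothetical.
 */
add_action( 'rest_api_init', function () {
	register_rest_route(
		'myplugin/v1',
		'/users/(?P<user_id>\d+)/two-factor-provider',
		array(
			'methods'             => WP_REST_Server::DELETABLE,
			'callback'            => 'myplugin_disable_provider',
			// Authorization lives here: disable_provider_for_user() itself
			// does not check capabilities, so the caller has to.
			'permission_callback' => function ( WP_REST_Request $request ) {
				return current_user_can( 'edit_user', (int) $request['user_id'] );
			},
			'args'                => array(
				'provider' => array(
					'required'          => true,
					'type'              => 'string',
					'sanitize_callback' => 'sanitize_text_field',
				),
			),
		)
	);
} );

function myplugin_disable_provider( WP_REST_Request $request ) {
	$user_id  = (int) $request['user_id'];
	$provider = $request['provider'];

	// Reject class names that are not registered providers.
	if ( ! array_key_exists( $provider, Two_Factor_Core::get_providers() ) ) {
		return new WP_Error( 'myplugin_unknown_provider', 'Unknown provider.', array( 'status' => 400 ) );
	}

	// Assumption: a falsy return value means the provider was not disabled.
	if ( ! Two_Factor_Core::disable_provider_for_user( $user_id, $provider ) ) {
		return new WP_Error( 'myplugin_disable_failed', 'Provider could not be disabled.', array( 'status' => 500 ) );
	}

	return rest_ensure_response( array( 'user_id' => $user_id, 'disabled' => $provider ) );
}
```

Because the user ID comes from the URL, the `edit_user` check against that specific ID is what stops one authenticated user from disabling another user's provider.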