Fixes sending SMS messages to unknown phonenumbers

[mapidentity]

This fixes an issue where the provider will send codes to any phonenumber given in the login screen. This is a potential abuse issue, since strangers should not receive (costly) messages. One exception is when allowing registration of new users.

Closes #47 (i think)

[cooperlyt]

Do you test this code in 'Authentication Everybody By Phone' Action ?

[mapidentity]

Do you test this code in 'Authentication Everybody By Phone' Action ?

I don't think this currently works with this provider. For example;

curl 'keycloak/realms/app/sms/authentication-code?phoneNumber=%2B5534990001234'

results in {"expires_in":60} but actually does not send a code. I believe this is because we can't distinguish between AUTH requests between these two providers / flows. A solution could be putting this behind an option (for example, --spi-phone-allow-sending-unknown or something like that). Better suggestions are very much welcome.

I've tested it with the registration flow, that does work.

[mapidentity]

@cooperlyt I'd like to move this forward to an acceptable pull request. Can you offer your thoughts on this matter?