[PM-1866] Duo Web v4 SDK upgrade poc

[jlf0dev]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Adds the Duo Web v4 SDK nuget package to the identity and api projects. If Duo is enabled, we generate the Duo url in our token request and hand it off to the client. The Api project has the nuget package in order to validate the authorization code that will be received after the Duo 2FA process, but we could also do that in the identity server as well.

Note: We can get the clientId, clientSecret, and apiHost from the DB in the initial token request, but we'll need to send the returnUrl from the client on every token request since we won't know if the user has Duo enabled or not.

Client PR

Code changes

• file.ext: Description of what was changed and why

Before you submit

• Please check for formatting errors (dotnet format --verify-no-changes) (required)
• If making database changes - make sure you also update Entity Framework queries and/or migrations
• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team