openwisp-radius
[change] Allow cross organization registration with different identification methods
Follow up to #304 (#315)
Consider the following scenario with two organizations:
- OrgA:
  - Does not require identity verification
  - Only uses email and password for registration
- OrgB:
  - Requires identity verification using phone number
  - Uses phone number, email and password for registration.
- A user registers to OrgA using email and password. The user is able to log in to OrgA as expected.
- The user registers to OrgB. The server responds with HTTP 409 and a list of organizations the user is already a member of.
- The user tries to log in directly to OrgB, leveraging cross organization registration.
Actual Result: HTTP 403 Forbidden
Expected Result: User is able to log in to OrgB and is able to verify its identity.
Some important points:
- The user has registered using only an email address with OrgA. After logging into OrgB, the system should initiate the identity verification process.
- OrgB can have multiple identity verification methods enabled. The user should get an option to choose from any of them.
- For mobile number verification, an additional view might be required to get the mobile number from the user.
Potential corner case: The user should not face any difficulties in signing into OrgA while identity verification for OrgB is pending.