Revalidation required when no providers enabled
iandunn opened this issue · 1 comments
iandunn commented
Describe the bug
If you disable all providers, you're still required to revalidate. You can't enable any providers until you do, but you get a fatal error when you try.
Uncaught Error: Call to a member function get_key() on null in two-factor/class-two-factor-core.php on line 742
Introduced in #529. I missed this during testing, but @adamwoodnz discovered it in WordPress/wporg-two-factor#160. His PR WordPress/wporg-two-factor#161 would fix downstream, but it looks like the root cause is located here.
Steps to Reproduce
- logout
- delete all _two_factor... usermeta for the user
- add this to an mu-plugin to make testing easier
  add_filter( 'two_factor_revalidate_time', function() { return 30; } );
- login, then go to wp-admin/profile.php
- wait 30 seconds, and refresh. the Revalidate button will not appear, because you don't have a 2fa session. that's the correct behavior
- now enable the Dummy provider, and immediately disable it (before the 30 second revalidation period expires)
- wait 30 seconds for the period to expire, then reload profile.php again. The Revalidate button will appear, because the WP session data still indicates that it's a 2FA session. that's wrong, and prevents you from enabling any provider until you revalidate. if you try to revalidate, you get the fatal error.
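
The state reached by the steps above, as an added PHP model that is not part of the original issue and is not the Two-Factor plugin's code. The function names, the `two_factor_at` session key, the idea that enabling a provider marks the session, and the guard itself are assumptions for illustration.

```php
<?php
// Simplified model of the session state described in this issue. All names
// are hypothetical; none of this is the Two-Factor plugin's code.
const REVALIDATE_TIME = 30; // seconds, as set by the filter in the repro steps

// Behaviour as reported: the check trusts the session's 2FA marker even
// after every provider has been disabled.
function needs_revalidation_reported( array $session, array $providers, int $now ): bool {
	if ( empty( $session['two_factor_at'] ) ) {
		return false; // not a 2FA session, nothing to revalidate
	}
	return ( $now - $session['two_factor_at'] ) > REVALIDATE_TIME;
}

// Assumed guard: with no enabled provider there is nothing to revalidate
// against, so a stale marker must not lock the settings page.
function needs_revalidation_guarded( array $session, array $providers, int $now ): bool {
	if ( empty( $providers ) ) {
		return false;
	}
	return needs_revalidation_reported( $session, $providers, $now );
}

// Revalidation needs a provider; the null case is where the report's
// "Call to a member function get_key() on null" would occur.
function revalidate( array $providers ): string {
	$provider = $providers[0] ?? null;
	if ( null === $provider ) {
		return 'no provider available: refuse instead of dereferencing null';
	}
	return 'revalidated with ' . $provider;
}

// Constructed timeline following the repro steps.
$t0      = 1000;
$session = array();                     // password-only login, no 2FA marker
var_dump( needs_revalidation_reported( $session, array(), $t0 + 31 ) );

$providers                = array( 'Dummy' ); // enable the Dummy provider
$session['two_factor_at'] = $t0 + 40;         // assumed: session is now marked as 2FA
$providers                = array();          // disable it again right away

// After the revalidation period expires, compare both checks on the stale session.
var_dump( needs_revalidation_reported( $session, $providers, $t0 + 80 ) );
var_dump( needs_revalidation_guarded( $session, $providers, $t0 + 80 ) );
echo revalidate( $providers ), "\n";
```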