FIX: User can't reset password with backup codes when only security key is enabled (#27368)

This commit fixes a problem where the user will not be able to reset
their password when they only have security keys and backup codes
configured.

This commit also makes the following changes/fixes:

1. Splits password reset system tests to
   `spec/system/forgot_password_spec.rb` instead of missing the system
   tests in `spec/system/login_spec.rb` which is mainly used to test
   the login flow.

2. Fixes a UX issue where the `Use backup codes` or `Use authenticator
   app` text is shown on the reset password form when the user does
   not have either backup codes or an authenticator app configured.

spec/system/user_page/user_preferences_security_spec.rb

@@ -45,9 +45,9 @@ describe "User preferences | Security", type: :system do
       find("#security-key .btn-primary").click
 
       expect(page).to have_css(".header-dropdown-toggle.current-user")
-
+    ensure
       # clear authenticator (otherwise it will interfere with other tests)
-      authenticator.remove!
+      authenticator&.remove!
     end
   end
 
@@ -106,9 +106,9 @@ describe "User preferences | Security", type: :system do
 
       # ensures that we are redirected to the destination_url cookie
       expect(page.driver.current_url).to include("/new")
-
+    ensure
       # clear authenticator (otherwise it will interfere with other tests)
-      authenticator.remove!
+      authenticator&.remove!
     end
   end