DEV: increase the length of backup codes

16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.

spec/requests/users_controller_spec.rb

@@ -3548,7 +3548,8 @@ describe UsersController do
 
           response_body = JSON.parse(response.body)
 
-          expect(response_body['backup_codes'].length).to be(10)
+          # we use SecureRandom.hex(16) for backup codes, ensure this continues to be the case
+          expect(response_body['backup_codes'].map(&:length)).to eq([32] * 10)
         end
       end
     end