tf/keycloak: add "Configure OTP" to default actions

When signing into GitLab, opting to create a new keycloak account results in being able to sign into GitLab without setting up OTP.

Since any subsequent login will require configuring OTP, it seems well advised to prompt for it as part of the registration process.