Update git submodules

* Update extensions/OATHAuth from branch 'REL1_43'
  to cf039f8e5a199b9fd2a093ef3a35b7c7aca76221
  - Fix multi-key handling
    
    Follow up on the multiple-authenticators work by replacing
    the user's 2FA module (of which there could only be one) with
    the user's 2FA keys in various places.
    
    Functional changes:
    * Add OATHUser::getKeysForModule() and a shortcut for the TOTP
      module (for typehint friendliness)
    * Filter modules for TOTP only in various places:
    ** ApiOATHValidate (which could maybe be more generic in the
       longer term, but would need some sort of support flag - it
       will definitely not work with WebAuthn).
    ** Lots of places that did the same filtering manually.
    * Do not throw in various places when the user has multiple kinds
      of keys:
    ** OATHUser::addKey()
    ** OATHUserRepository::loadKeysFromDatabase()
    * Keep throwing in OATHUserRepository::createKey() (which is what
      gates the use of multiple authenticators currently, and we want
      to preserve that until further UX improvements) but use an error
      page rather than an error.
    
    Code cleanup:
    * Replace OATHUser::setKeys() (only used in a single place, to
      remove a key) with removeKey().
    * Hard-deprecate OATHUser::getModule() and remove its uses.
    * Remove OATHUser::setModule(). Instead, use the first key in
      getModule().
    
    WebAuthn part of the change: Ib9a686171da67b334e80524629df406d10903391
    
    Bug: T242031
    Change-Id: I70241b9cfc036ea6439bf30ed724c1377a78d5c0
    (cherry picked from commit 511127a8edea3c6ac390fb8ff1269d6e07a2f845)

extensions/OATHAuth

@@ -1 +1 @@
-Subproject commit a8c75338a5abe48a727fd498da7b2e0ffe688dbd
+Subproject commit cf039f8e5a199b9fd2a093ef3a35b7c7aca76221