LG 304 idv phone confirmation screen

[davemcorwin]

This PR removes the 'address' step, dropping the user on the phone verification screen immediately after identity resolution (session#create). The promotes the idea that the happy path is using phone to verify address, but there is still a link to use mail if necessary.

No cosmetic changes are here, those are in #2205

Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:

• For DB changes, check for missing indexes, check to see if the changes
  affect other apps (such as the dashboard), make sure the DB columns in the
  various environments are properly populated, coordinate with devops, plan
  migrations in separate steps.

• For route changes, make sure GET requests don't change state or result in
  destructive behavior. GET requests should only result in information being
  read, not written.

• For encryption changes, make sure it is compatible with data that was
  encrypted with the old code.

• For secrets changes, make sure to update the S3 secrets bucket with the
  new configs in all environments.

• Do not disable Rubocop or Reek offenses unless you are absolutely sure
  they are false positives. If you're not sure how to fix the offense, please
  ask a teammate.

• When reading data, write tests for nil values, empty strings,
  and invalid formats.

• When calling redirect_to in a controller, use _url, not _path.

• When adding user data to the session, use the user_session helper
  instead of the session helper so the data does not persist beyond the user's
  session.

• When adding a new controller that requires the user to be fully
  authenticated, make sure to add before_action :confirm_two_factor_authenticated.

[jmhooper]

Does it still make sense to use idv_address_complete? here? That looks like something we could tear out of Idv::Session now.

[davemcorwin]

idv_address_complete? is defined in that controller:

def idv_address_complete?
  idv_session.address_mechanism_chosen?
 end

I left it and didn't rename it because:

• we're still kinda sorta verifying address here
• the address mechanism is still important, it gets set when phone/usps verification is actually done and I didn't want to remove it.
• didn't want the PR to start ballooning, but if we should move or remove it, I can do that in a separate PR.

[davemcorwin]

@jmhooper Is this OK to leave for now?

[jmhooper]

👍. Let's just keep in mind that address method selection looks like a good place to start an Idv::Session refactor if somehow we ever get bored.