make hotp invalid after password reset

[i-oden]

Tested:

1. dds auth login --> fill in username and password --> get password prompt
2. Go to web and request password reset
3. Reset password
4. Use the one-time code received in the mail

This should fail. Before it was ok.

• Tests passing
• Black formatting
• [ - ] Migrations for any changes to the database schema
• Rebase/merge the dev branch
• Note in the CHANGELOG

[codecov]

Codecov Report

Merging #1054 (bd44287) into dev (ccca27f) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##              dev    #1054      +/-   ##
==========================================
+ Coverage   87.76%   87.78%   +0.01%     
==========================================
  Files          27       27              
  Lines        2975     2979       +4     
==========================================
+ Hits         2611     2615       +4     
  Misses        364      364              

Impacted Files	Coverage Δ
dds_web/database/models.py	93.97% <100.00%> (+0.05%)	⬆️
dds_web/web/user.py	82.21% <100.00%> (+0.07%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ccca27f...bd44287. Read the comment docs.