Add credential status and 2F opt in control to the REST API

As in title: two new endpoints are needed, to control status of a credential (removal, invalidation) and also 2nd factor opt-in status of a user.