Recovery Codes: Add low-balance admin notice for recovery codes before they run out

[masteradhoc]

Is your enhancement related to a problem? Please describe.

Currently, Two_Factor_Backup_Codes::admin_notices() only surfaces a notice after a user has consumed every last recovery code (balance = 0). By that point the user has no self-service path left. This issue adds a second, earlier notice that fires while the user still has a small number of codes remaining — giving them enough time to regenerate before they are locked out.

This closes a gap from the recovery-improvements plan.

Current behaviour

admin_notices() in providers/class-two-factor-backup-codes.php returns early unless is_available_for_user() is false, meaning it only fires when the code count reaches zero:

// Return if we are not out of codes.
if ( $this->is_available_for_user( $user ) ) {
    return;
}

The profile UI already displays the live code count (via user_options()), but no proactive nudge appears in wp-admin to prompt regeneration before the user is completely out.

Proposed changes

1. Introduce a low-balance threshold constant and filter
2. Extend admin_notices() with two distinct notice levels
3. No changes to non-admin surfaces

Acceptance criteria

• No notice appears when the user has more than two_factor_backup_codes_low_threshold codes (default: 2).
• A yellow warning-class notice appears in wp-admin when codes remaining is between 1 and the threshold (inclusive), containing the remaining count and a link to the profile regeneration anchor.
• The existing red error-class notice still appears when codes reach 0.
• Both notices display only when the backup-codes provider is enabled for the current user (the existing early-return guard stays in place).
• The threshold is overridable via the two_factor_backup_codes_low_threshold filter.

Please confirm that you have searched existing issues in this repository.

Yes