-RM-3650-MR-MFA only to validate sensitive actions

As a SP-protected web application operator,
I want to be able to use 2FA only to validate sensitive user actions,
so that sensitive actions are strongly protected and users are not required to use 2FA all the time.

→ handled by the application which must request stronger authentication to Shibboleth when it needs it

(from redmine: issue id 3650, created on 2016-04-13)