feat: UIA bypass for first cross-signing key upload
Details can be found here. This is required for SSO, but makes it easier to compromise accounts that refuse to setup cross-signing right away. Still, this would also require an attacker to have access to their password.