Step-up authentication is a method to enforce revalidation of a user-session for high-security actions like logging out other sessions or entering admin-mode. Some services display a button like "Revalidate with OIDC", this would ideally be a step-up authentication instead of simply validating that OIDC is still logged in. Currently, there is now step-up auth configured. This issue tasks the implementation of a step-up auth flow in Keycloak (`auth.libre.moe`) to request either user password or 2FA revalidation, along with the integration into service likes GitLab, Nextcloud and co. for critical actions.