Reduce max concurrent 2 factor codes

I was doing some analysis and saw that in the last 24 hours the most
codes that anyone had in a 15 minute window was 3.

So I think we can safely reduce this to 5 to get a bit more security
with enough headroom to not have any negative impact to the user.
Chris Hill-Scott
2021-03-24 15:35:16 +00:00
parent b3597a2e54
commit 786893d920
2 changed files with 4 additions and 4 deletions


@@ -147,7 +147,7 @@ class Config(object):
API_PAGE_SIZE = 250
TEST_MESSAGE_FILENAME = 'Test message'
ONE_OFF_MESSAGE_FILENAME = 'Report'
MAX_VERIFY_CODE_COUNT = 10
MAX_VERIFY_CODE_COUNT = 5
# be careful increasing this size without being sure that we won't see slowness in pysftp
MAX_LETTER_PDF_ZIP_FILESIZE = 40 * 1024 * 1024 # 40mb
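Review bot: `MAX_VERIFY_CODE_COUNT` carries no comment saying what it counts or over what period, unlike the `MAX_LETTER_PDF_ZIP_FILESIZE` line next to it, even though the value is now a security limit chosen from measured usage. A comment such as `# max 2FA codes a user may have outstanding; at this count no new code is created` would record the intent. The expiry window is not visible in this hunk, so confirm the wording against the code that enforces the limit. The test in this commit shows the endpoint still answers 204 at the cap, so it is also worth confirming that reaching the cap is logged or counted, so repeated code requests against one account show up in monitoring.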


@@ -247,7 +247,7 @@ def test_send_sms_code_returns_404_for_bad_input_data(client):
def test_send_sms_code_returns_204_when_too_many_codes_already_created(client, sample_user):
for _ in range(10):
for _ in range(5):
verify_code = VerifyCode(
code_type='sms',
_code=12345,
@@ -257,14 +257,14 @@ def test_send_sms_code_returns_204_when_too_many_codes_already_created(client, s
)
db.session.add(verify_code)
db.session.commit()
assert VerifyCode.query.count() == 10
assert VerifyCode.query.count() == 5
auth_header = create_admin_authorization_header()
resp = client.post(
url_for('user.send_user_2fa_code', code_type='sms', user_id=sample_user.id),
data=json.dumps({}),
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
assert VerifyCode.query.count() == 10
assert VerifyCode.query.count() == 5
def test_send_new_user_email_verification(client,
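Review bot: The literal `5` in `range(5)` and in both `VerifyCode.query.count() == 5` assertions duplicates `MAX_VERIFY_CODE_COUNT`, so the test must be edited by hand whenever the limit changes, as this commit had to do. Reading the limit from the app config, for example `limit = current_app.config['MAX_VERIFY_CODE_COUNT']` followed by `for _ in range(limit):` and `== limit`, would keep the test tied to the setting, assuming the config is reachable from the test's app context. Only the at-limit case is visible here. If no other test covers it, a companion case with `limit - 1` existing codes that expects one more code to be created would pin the comparison against an off-by-one, which matters more now that the headroom is smaller.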