Use requestSubmit() in form cleanup controller to avoid CSFR issues

See #1191

assets/controllers/helpers/form_cleanup_controller.js

@@ -62,6 +62,6 @@ export default class extends Controller {
             element.disabled = true;
         }
 
-        form.submit();
+        form.requestSubmit();
     }
 }

assets/js/webauthn_tfa.js

@@ -198,6 +198,7 @@ class WebauthnTFA {
     {
         const resultField = document.getElementById('_auth_code');
         resultField.value = JSON.stringify(data)
+        //requestSubmit() do not work here, probably because the submit is considered invalid. But as we do not use CSFR tokens, it should be fine.
         form.submit();
     }