Recovery codes are reset without feedback when a user logs in using recovery codes

[fylzero]

Steps to reproduce:
Fire up a fresh copy of Laravel with Jetstream, register a user, enable 2FA, then log in using a recovery code it appears this line resets the recovery codes without providing any notification to the end user.

fortify/src/Http/Controllers/TwoFactorAuthenticatedSessionController.php

Line 59 in db98499

$user->replaceRecoveryCode($code);

This would likely require a bit of a joint solve between Fortify and Jetstream but one I think could be worth looking into. Could be nice to add user feedback here or possibly a config option to disable the automatic code reset on use functionality in Fortify.

[driesvints]

I think the behavior is expected. It's more secure to invalidate the existing code. Most 2FA systems work like this I believe. But it's true that we should document this better, probably also with copy in Jetstream. Welcoming PR's for this.