Limit IBKR 2FA auto-fill submissions

[Pigbibi]

Summary

• default the 2FA bot to one auto-fill submission per process
• leave rejected/stuck auth windows for manual handling instead of repeatedly submitting TOTP codes
• document the current Mobile Authenticator app device setting and the submission limit

Verification

• python3 -m py_compile 2fa_bot.py
• bash tests/test_docker_compose_ports.sh

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 487da1ee39

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Parse max-submissions only when auto-fill is active

IBKR_2FA_MAX_SUBMISSIONS is parsed at import time, so the process exits on a non-integer value before validate_config() can honor IBKR_2FA_AUTOFILL=no. That changes the previous behavior where non-autofill mode skipped TOTP-related validation and still ran in monitor-only mode; with this commit, a malformed submission-limit env var can now prevent startup even when auto-fill is intentionally disabled.

Useful? React with 👍 / 👎.