Cannot rotate keys if assigned IAM permissions require an MFA code to complete key rotation

Keyup is currently written so that keys can be rotated without entering an MFA code. In order to do this, keyup needs IAM users with assigned IAM permissions in the reference policy.

This is generally secure since the reference IAM policy allows key rotation without providing an MFA code; however, a user must enter an MFA code when initiating any other operation.

That said, many enterprise organizations will be prevented from using the reference IAM policy permissions and instead must protect all operations via 2-factor auth codes. This is a problem because keyup currently cannot rotate IAM keys if an MFA code is required.

Keyup must be modified to accommodate the use case where all operations, including rotating IAM access keys, require an MFA code.