Allow users to update their iCloud password when auth fails

[raman325]

Proposed change

I recently changed my iCloud password and noticed I had to delete and recreate the integration to update it. This change sets up a new discovery config flow when authentication fails that will update the password of the existing config entry. I saw multiple suggestions for how to handle this in home-assistant/architecture#377 but there hasn't been consensus yet, and I saw this pattern in other integrations such as airvisual and azure_devops so I thought it was a safe approach. One thing I did differently here was to create a frontend notification for the user so that the user had more context of what to do.

I tried to minimize changes to existing code, and verified that the exception that is being used to capture auth failing is always due to an incorrect email/password combo.

Type of change

• Dependency upgrade
• Bugfix (non-breaking change which fixes an issue)
• New integration (thank you!)
• New feature (which adds functionality to an existing integration)
• Breaking change (fix/feature causing existing functionality to break)
• Code quality improvements to existing code or addition of tests

Checklist

• The code change is tested and works locally.
• Local tests pass. Your PR cannot be merged unless tests pass
• There is no commented out code in this PR.
• I have followed the development checklist
• The code has been formatted using Black (black --fast homeassistant tests)
• Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

• Documentation added/updated for www.home-assistant.io

If the code communicates with devices, web services, or third-party tools:

• The manifest file has all fields filled out correctly.
  Updated and included derived files by running: python3 -m script.hassfest.
• New or updated dependencies have been added to requirements_all.txt.
  Updated by running python3 -m script.gen_requirements_all.
• Untested files have been added to .coveragerc.

The integration reached or maintains the following Integration Quality Scale:

• No score or internal
• 🥈 Silver
• 🥇 Gold
• 🏆 Platinum

To help with the load of incoming pull requests:

• I have reviewed two other open pull requests in this repository.

[probot-home-assistant]

Hey there @Quentame, mind taking a look at this pull request as its been labeled with an integration (icloud) you are listed as a codeowner for? Thanks!
_{^{(message by CodeOwnersMention)}}

[raman325]

I updated the logic to use SOURCE_REAUTH which was added in #40352 as a result of home-assistant/frontend#6808 which makes HA "re-auth needed"-aware

[Quentame]

Did not check the tests

[raman325]

BTW @Quentame I had made a suggestion in #36120 that's a bit ugly but would resolve that issue. On setup, when there is 2FA, we can store the timestamp for when that occurred in the config entry and then setup a followup callback to trigger a fresh token grab in the future (let's say 1 month from the last refresh).

[Quentame]

LGTM

[raman325]

test failure seems to be unrelated to this PR

[Quentame]

I am not used to see persistant notifications, but:
Is it possible to add a link to the integration page ?
Or directly the link to the integration re_auth flow ?

[Quentame]

@JulienFloris answered here #41315

[THATDONFC]

I appreciate the work being done on this. When it's time to re-authenticate iCloud I have to remove and re-add the integration. It would be so much quicker if I could just enter the code to authenticate when the authentication expires.

[raman325]

I think we are good on this PR, going to go ahead and merge it so that I can work on #36120 as it appears to be affecting a lot of users