When using the auth dialog, nmcli and other agents reject using as
secrets values without "IsSecret=true" option. Because of this, the
value entered by the user as challenge-response was ignored with the
"echo" mode enabled: because we were setting "IsSecret=false" to make
the input visible.

Instead of that, send a new "ForceEcho" option that is recognized by
nmcli and other agents since NM 1.46.

Additionally, prefix the "challenge-response" hint with
"x-vpn-challenge(-echo):" to make nmcli recognizing this request as the
2nd step of a 2FA authentication in all cases, avoiding to request the
password twice. This is also supported since NM 1.46.

This change is backwards compatible for clients that uses the
auth-dialog method to get the list of secrets to require: they pass the
hints to nm-openvpn-auth-dialog and it will understand the new
"x-vpn-challenge*" tags. These clients won't understand the new
ForceEcho but they will just ignore...