[caissedepargne] for transfers, avoid EMV auth if present, choose SMS

Within a session, caissedepargne requires 2FA authentication for
transfers or adding recipients. Most often, it's an SMS. But for
creditcooperatif users, it might be EMV auth OTP by default. In this
case, on the website, the user can reject EMV auth and switch to SMS.

Reproduce here the fallback behavior. If it's SMS directly, it's ok. But
if it's EMV, switch to SMS.

In case of fallback, the SMS is sent after request_sms is queried, so it
must be queried _before_ raising TransferStep, not _after_ as it was
done it previous code. Thus, we save validation keys in browser state.