Use browser headers on login POST and MFA verify

Cloudflare detects the User-Agent switch between the sign-in page
(browser UA) and the login POST (GCM-iOS UA) and returns 429.
Use SSO_PAGE_HEADERS on both API calls to stay consistent.

Author: tobias-goertz

src/garth/sso.py

@@ -118,6 +118,7 @@ def login(
         "sso",
         "/mobile/api/login",
         params=login_params,
+        headers=SSO_PAGE_HEADERS,
         json={
             "username": email,
             "password": password,
@@ -217,6 +218,7 @@ def handle_mfa(
         "sso",
         "/mobile/api/mfa/verifyCode",
         params=login_params,
+        headers=SSO_PAGE_HEADERS,
         json={
             "mfaMethod": mfa_method,
             "mfaVerificationCode": mfa_code,