What?

Fix missing and broken internationalization (i18n) in the notification emails and user-facing admin notices.

Why?

Several user-facing strings were not translatable:

• The full email subject and body sent to users when their password is automatically reset (notify_user_password_reset) were bare English string literals — not wrapped in any translation function. Same for the admin notification email (notify_admin_user_password_reset). This means these strings are completely untranslatable regardless of the site's locale.
• The "revalidate your session" admin notice was split across two separate esc_html__() calls flanking a hardcoded <a> tag. This is an i18n anti-pattern: translators cannot reorder the inline link within the sentence, which is required in many languages where word order differs from English.
• A /* translators: */ comment in the email provider used $1$s/$2$s instead of the correct %1$s/%2$s format, causing translation extraction tools (WP-CLI, Poedit, GlotPress) to misidentify the placeholder format.

How?

• Wrapped the email subjects and message bodies in __( ..., 'two-factor' ) with appropriate /* translators: */ comments documenting each placeholder.
• Combined the split revalidate-session notice into a single __() call with the URL as a %s placeholder. The output is already passed through wp_kses_post() at the render site, so the HTML anchor in the string is safe.
• Fixed the translators comment typo in class-two-factor-email.php ($1$s → %1$s).

Testing Instructions

1. Install and set your website language to german f.e.
2. translate the new strings
3. Trigger the changed emails - check if the translations work
4. check translator comments

Changelog Entry

Fixed - Notification emails and admin notices were not fully translatable; fixed a translators comment placeholder typo ($1$s → %1$s).