Removing the confirm step causes stripe failed payments (due to 3DS) to show up as paid

[ulysses-bull]

If you remove the checkout confirmation step and a 3D secure is needed, the order will be completed with payment status "paid" without the 3D secure popup appearing, but in Stripe dashboard the payment will have the status "requires_action".

Solidus Version: 4.0.0

To Reproduce

1. Setup a new store with the starter front end and stripe
2. Remove the confirmation step from the checkout flow, as suggested in the guides

#app/overrides/my_app/spree/order/remove_checkout_step.rb
# frozen_string_literal: true

module MyApp
  module Spree
    module Order
      module RemoveCheckoutStep
        def self.prepended(base)
          base.remove_checkout_step :confirm
        end

        ::Spree::Order.prepend self
      end
    end
  end
end

3. Create an order and pay using a stripe test card that requires a 3DS Challenge.

Current behavior
The order will be completed with payment status "paid" even if the 3D secure challenge has never been presented.

Expected behavior
Ideally, a 3DS pop-up should appear when the users tries to advance from the payment step. Since removing the confirm step could be considered a significant modification of the default/supported checkout flow, it might be reasonable to expect developers to handle presenting the 3DS challenge themselves, but, displaying a payment as paid when this was never the case on stripe's side is probably a bug.

Screenshots
Screenshot of expected pop-up:

Additional context
Currently, due to the acceptable transitions in the order state machine, removing the confirmation step will also raise an exception if a payment fails, as the order will attempt to transition from payment to payment_failed, which is not currently allowed.