Of course, there are many ways to tackle "the Salesforce login OTP feature" for automation but the easiest one is to change the Trusted IP Range i.e. Add the IP address of the server where you are executing your script to trusted IP range in SF. Under Setup menu, go to Security Controls - Network Access and here you need to enter the IP address ranges of your machine/server as shown below. After lightning upgrade, I agree that execution against dynamic content and Shadow DOM still poses some challenges that usually end up consuming a lot of time than any other usual web application but with correct XPATH strategy it can be solved.
A blog about my testing stories where I pen down my thoughts about test automation covering primarily Selenium, Java, Rest Assured, Karate, Maven, TestNG, Postman, newman, Jenkins, Git, Azure DevOps, etc.