This repository has been archived by the owner on Dec 5, 2022. It is now read-only.

feat: discoverable credential login #132

Merged: 1 commit, Aug 15, 2022

Conversation

james-d-elliott
Contributor

@james-d-elliott james-d-elliott commented Feb 18, 2022

This implements BeginDiscoverableLogin and ValidateDiscoverableLogin, which can be used to easily perform discoverable credential logins (commonly known as passwordless login, and previously known as resident keys). This is implemented via an interface that allows ValidateDiscoverableLogin to look up the user credentials either by the credential ID or userHandle as per the spec. See https://w3c.github.io/webauthn/#user-handle.

@james-d-elliott
Contributor Author

james-d-elliott commented Feb 18, 2022

As per #129:

This adds tooling to help facilitate discoverable logins.

The way the discoverable flow has been implemented relies on users utilizing a helper function (interface) to retrieve user credentials utilizing the userHandle. It breaks up the functions into the common elements, the elements only required for standard logins, and the elements only required for discoverable logins.

In addition, it requires that people utilize the protocol.ParseCredentialRequestResponseBody / webauthn.ValidateDiscoverableLogin methods directly rather than relying on the webauthn.FinishLogin methods. This is primarily for backwards compatibility, but in addition it prevents unintentional discoverable logins from occurring.

This should be completely backwards compatible and appears to be in my testing. I can provide a reference implementation utilizing all these elements if desired.

ToDo:

  • Decide if it's better for us to provide the kid with the UserHandle in the discoverable lookup func. This would allow a fully discoverable process where the server has no need to record the user information.
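The comment above describes the lookup callback that ValidateDiscoverableLogin calls with the asserted credential's raw ID and the userHandle returned by the authenticator. The following is an added, stand-alone Go illustration of that account-binding step; it is not code from this pull request or from the webauthn library, and it deliberately uses its own small `User`, `Credential`, `Store` and `DiscoverableUserHandler` types (all constructed for the example) rather than the library's, so it runs with the standard library alone. It models only the lookup and the check that the asserted credential actually belongs to the account the handle resolved to; the cryptographic verification of the assertion (challenge, origin, signature) that the library performs is out of scope here.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Credential is a minimal stand-in for a stored WebAuthn credential
// (constructed for this example; not the library's type).
type Credential struct {
	ID        []byte // credential ID, chosen by the authenticator, unique per credential
	PublicKey []byte // COSE public key; opaque here
}

// User is the Relying Party's account record. Handle is the RP-chosen user
// handle, which ought to be the same for every credential on the account.
type User struct {
	Handle      []byte
	Name        string
	Credentials []Credential
}

// DiscoverableUserHandler mirrors the shape of the lookup callback the PR
// describes: given the asserted credential's raw ID and the userHandle the
// authenticator returned, find the owning account. (Example type.)
type DiscoverableUserHandler func(rawID, userHandle []byte) (*User, error)

var (
	ErrUnknownUser        = errors.New("no account for user handle or credential")
	ErrCredentialNotOwned = errors.New("credential does not belong to this account")
)

// Store is an in-memory account store indexed by user handle (example only).
type Store struct {
	byHandle map[string]*User
}

func NewStore(users ...*User) *Store {
	s := &Store{byHandle: map[string]*User{}}
	for _, u := range users {
		s.byHandle[string(u.Handle)] = u
	}
	return s
}

// Handler returns the lookup function. It prefers the userHandle, as the spec
// text quoted in this thread suggests, and falls back to a credential-ID scan
// only when the authenticator sent no handle.
func (s *Store) Handler() DiscoverableUserHandler {
	return func(rawID, userHandle []byte) (*User, error) {
		if len(userHandle) > 0 {
			if u, ok := s.byHandle[string(userHandle)]; ok {
				return u, nil
			}
			return nil, ErrUnknownUser
		}
		for _, u := range s.byHandle {
			for _, c := range u.Credentials {
				if bytes.Equal(c.ID, rawID) {
					return u, nil
				}
			}
		}
		return nil, ErrUnknownUser
	}
}

// ResolveDiscoverableLogin performs the account-binding step of a discoverable
// login: call the handler, then insist that the asserted credential ID is one
// registered to the account it returned. Without the second check, a handle for
// account A paired with a credential from account B would select account A.
func ResolveDiscoverableLogin(handler DiscoverableUserHandler, rawID, userHandle []byte) (*User, *Credential, error) {
	user, err := handler(rawID, userHandle)
	if err != nil {
		return nil, nil, err
	}
	for i := range user.Credentials {
		if bytes.Equal(user.Credentials[i].ID, rawID) {
			return user, &user.Credentials[i], nil
		}
	}
	return nil, nil, ErrCredentialNotOwned
}

func main() {
	// Constructed sample accounts; IDs and handles are placeholders.
	alice := &User{Handle: []byte("handle-alice"), Name: "alice",
		Credentials: []Credential{{ID: []byte("cred-alice-1")}}}
	bob := &User{Handle: []byte("handle-bob"), Name: "bob",
		Credentials: []Credential{{ID: []byte("cred-bob-1")}}}
	h := NewStore(alice, bob).Handler()

	u, _, err := ResolveDiscoverableLogin(h, []byte("cred-alice-1"), []byte("handle-alice"))
	fmt.Println(u.Name, err)

	_, _, err = ResolveDiscoverableLogin(h, []byte("cred-bob-1"), []byte("handle-alice"))
	fmt.Println(err)
}
```

The second call in `main` is the mismatch case: the handle resolves to alice, but the asserted credential is bob's, so the login is refused rather than silently attributed to alice.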

@james-d-elliott
Contributor Author

Regarding the ToDo:

From Webauthn Level 2:

The main use of the user handle is to identify the user account in such authentication ceremonies, but the credential ID could be used instead. The main differences are that the credential ID is chosen by the authenticator and unique for each credential, while the user handle is chosen by the Relying Party and ought to be the same for all credentials registered to the same user account.

@MasterKale MasterKale merged commit 1ca19ff into duo-labs:master Aug 15, 2022
@james-d-elliott james-d-elliott deleted the feat-discoverable-login branch August 15, 2022 19:15