Change browser-side webauthn lib to webauthn-json
The initial implementation of WebAuthn in LLNG used the webauthn-ui js library to ease interaction with the browser's WebAuthn API.
However this library is starting to show its limitations:
- No support for Conditional UI
- No support for extensions other than appID
- No support for returning transports
This MR replaces this lib with webauthn-json:
- Smaller in size
- Simpler API
- Compatible with the JSON types used in draft WebAuthn specifications (PublicKeyCredentialCreationOptionsJSON/RegistrationResponseJSON etc.)
In order to avoid template regressions, and ease future migrations, I removed all mentions of .js files from the webauthn templates. They are now injected by perl code (with $req->customScript) which in my opinion is a better UI/backend separation than mentionning JS scripts in template files.
Let me know if everything is OK regarding licencing, copyright, etc (webauthn-json uses the MIT licence)