WebAuthn: support for platform authenticators

[Firehed]

This is inspired mostly by the WWDC20 track on Safari's FaceID/TouchID support. It may be as simple as adding some additional examples and test cases to the WebAuthn branch - theoretically none of the underlying crypto should change, but it needs a bit more research on the JS structure side.

Now that the dust has generally settled on the standard, the list of potential formats is here: https://www.w3.org/TR/webauthn-2/#sctn-defined-attestation-formats

• packed
• tpm
• android-key
• android-safetynet
• fido-u2f
• none (probably do not support this for security reasons)
• apple

[Firehed]

I'm starting to experiment with this on the support-touchid branch. Predictably, some of the prior assumptions about data format and flow (even ignoring the transition from FIDO to WebAuthn) make this pretty non-trivial.