Use libwebauthn for JSON request parsing

[AlfioEmanueleFresta]

This PR migrates JSON request parsing to use libwebauthn's WebAuthnIDL::from_json() trait instead of our custom parsing code. This removes ~700 lines of manual parsing in favour of the shared implementation.

Changes

• Use MakeCredentialRequest::from_json() and GetAssertionRequest::from_json() from libwebauthn
• Remove intermediate parsing structs (MakeCredentialOptions, GetCredentialOptions, CredentialDescriptor, etc.)
• Pin libwebauthn to commit d97c80d25bdb974472c40de5e5031db5946ad532 (from Web IDL support 3/N: response JSON serialization libwebauthn#155)

Behavioral changes

Default timeout

The default timeout when not specified by the relying party changes from 300s to 60s:

• Old:

  credentialsd/credentialsd/src/dbus/model.rs

  Line 211 in 03206d2

  timeout: other_options.timeout.unwrap_or(Duration::from_secs(300)),

• New: https://github.com/linux-credentials/libwebauthn/blob/d97c80d25bdb974472c40de5e5031db5946ad532/libwebauthn/src/ops/webauthn/timeout.rs#L3

Allow list transports

Previously we cleared transports from credentials in the allow list as a workaround. This is no longer done - transports now pass through as-is. These are just UI hints and shouldn't affect functionality.

Follow-up

• JSON response serialization will come in a follow-up PR
• This PR depends on Web IDL support 3/N: response JSON serialization libwebauthn#155
• Filed WebAuthnIDL: Default userVerification should be "preferred" per spec libwebauthn#157 for a userVerification default issue

[msirringhaus]

Left some questions inline

[iinuwa]

The default timeout when not specified by the relying party changes from 300s to 60s:

Haven't looked again at this full PR, but I'd like to preserve the 300 second timeout since that's the minimum timeout recommended by the spec for accessibility reasons.

I created linux-credentials/libwebauthn#172 to do that.