[PM-15906] Implement single tap passkey flows

[SaintPatrck]

🎟️ Tracking

PM-15906
PM-12511
Resolves #3953

📔 Objective

Add a biometric prompt to the passkey registration and authentication flows.

The biometric prompt will be shown when creating or authenticating with a passkey if the user has supported device biometrics enabled.

This change also adds an isUserVerified flag to the Fido2 requests to determine if the user has verified their identity using the single tap flow.

Note

When vault timeout is set to immediate, users must unlock multiple times. This is intentional since the application is set to lock immediately after backgrounding and the passkey flow requires backgrounding the application after initial unlock and credential discovery.

📸 Screenshots

Device biometrics enabled

Vault timeout not immediate

Case	Before	After
Create	multi-tap-creation.webm	single-tap-creation-biometrics.webm
Auth	multi-tap-authentication.webm	single-tap-auth-biometrics.webm

Vault timeout set to immediate

Case	Before	After
Create		single-tap-creation-immediate-timeout.webm
Auth		single-tap-auth-immediate-timeout.webm

Device biometrics disabled

Vault timeout not immediate

Case	Before	After
Create		single-tap-creation-pin.webm
Auth		single-tap-auth-pin.webm

Vault timeout set to immediate

Case	Before	After
Create		single-tap-creation-pin-immediate-timeout.webm
Auth		single-tap-auth-pin-immediate-timeout.webm

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 331d7414-370b-45f1-8511-a8caaf8c4185

Great job, no security vulnerabilities found in this Pull Request

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.27%. Comparing base (a3096c0) to head (815e03b).
Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4547      +/-   ##
==========================================
- Coverage   88.31%   88.27%   -0.04%     
==========================================
  Files         603      603              
  Lines       40272    40318      +46     
  Branches     5697     5712      +15     
==========================================
+ Hits        35565    35592      +27     
- Misses       2721     2731      +10     
- Partials     1986     1995       +9     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.