Add support for passkeys to Hypha

[frjo]

Fixes #4563

This implementation uses duo-labs/py_webauthn: Pythonic WebAuthn directly implementing it own Django wrapper. This is so passkeys are used as a stand alone login method and not as a 2FA option.

The interesting parts are in passkey_views.py and passkeys.js.

Test Steps

• Test that setting up and logging in with passkeys works on Mac, Windows, iPhone, Android and Linux.
• Using built in OS support, using usb keys etc.
• Test that ENFORCE_TWO_FACTOR are bypassed for passkey users. Passkeys are more secure than 2FA.
• Audit the implementation for any issues.

[wes-otf]

This is exciting! looking forward to reviewing it in the next day or two!

[wes-otf]

pushing this to test now - is it possible to test locally? getting domain errors trying it on my setup

[frjo]

Test build will likely fail due to migration conflict. Fixed it just now in this branch. More migration conflicts will come, the translation PR have a lot migrations e.g.

If we push this to test and then do not merge this in before translate PR we will have to reset the test db a bit.

[frjo]

is it possible to test locally?

Yes, if you set base_url to "localhost". Then it will not require TLS either.

IP 127.0.0.1, hypha.test etc. will not work due to how browsers handle this for security.

This should work:

python manage.py runserver_plus localhost:9001