authentication

Adds passwordless customer sign-in with passkeys via WebAuthn/FIDO2. Exposes REST APIs and UI widgets for registration, login, and credential management, with safeguards like anti-enumeration, rate limiting, sign-count validation, and token-based sessions.