ProjectPasskeys: Refactor MDS3 codebase and server config

[yackermann]

Configuration refactoring

• [ ] Deprecate mdsCertsFolder
• [ ] Deprecate mdsTocsFolder
• [ ] Deprecate authenticatorCertsFolder
• [x] replace metadataUrlsProvider with metadataServers [{"url": "https://mds.fidoalliance.org/", "certificate": "...base64 of certificate..."}]
• [x] Add metadataRefreshInterval to allow adjustment of when metadata is refreshed
• [x] #9248
• [x] Rename userAutoEnrollment to debugUserAutoEnrollment
• [x] Rename requestedCredentialTypes to enabledFidoAlgorithms
• [x] Rename skipDownloadMdsEnabled to disableMetadataService
• [ ] #9332

"disabled" means attestation "none" "monitor" means attestation "direct" but still accept if none return "enforced" means that credential creation will fail if attestation is not returned

• [ ] Deprecate assertionOptionsGenerateEndpointEnabled

[yackermann]

MDS Code Base refactoring

[TODO]

[yurem]

These 2 folders Fido2 uses for devices root certs:

Deprecate mdsCertsFolder
Deprecate authenticatorCertsFolder

Should we deprecate related to these folders functionality or there is replacement for this?

[yackermann]

There should not be a separate folder for device roots. All checks must be done against metadata @yurem

[yurem]

This is right approach. But how to do this edge cases if device not in MDS3 list yet? For example we also need to add SG roots.

[yackermann]

@yurem standard metadata will have the device root.