RFE-925: Authenticator management guidance added (allow list/deny list)

[csalas-yubico]

Guidance for implementing an allow and deny list - along with other considerations for managing the authenticators allowed in an application

Guidance was for RFE-925, asking for deny list guidance for copyable passkeys