Create a better API for handling various devices better

[hfossli]

It should be easy to configure for

• devices with SE & with passcode & with biometry
• devices with SE & with passcode & without biometry
• devices with SE & without passcode & with biometry (is this possible?)
• devices with SE & without passcode & without biometry
• devices without SE & with passcode
• devices without SE & without passcode

Fallback to .applicationPassword etc should be easy to do and it should be hard to forget devices / setups.

25

[hfossli]

I think in general it is better to try to create a key with highest security and then fallback instead of up-front trying to configure and guess the devices capabilities.

[hfossli]

Just a note: Setting .privateKeyUsage alone yields -25293 unless the key is stored on secure enclave