arianvp / webauthn-oidc

a stateless OpenID Connect authorization server that mints ID Tokens from Webauthn challenges
Apache License 2.0

Allow support for decentralised group management using LargeBlob #22

Open arianvp opened 2 years ago

arianvp commented 2 years ago

People want group info in their tokens (e.g. to map to groups in Kubernetes) but we don't want to store group info on our servers.

https://www.w3.org/TR/webauthn-2/#sctn-large-blob-extension allows us to store arbitrary data alongside a public key. We could store a certificate signed with the owner's key and what group the person belongs to.

Flow:

  1. owner Alice registers their webauthn credential per usual
  2. Some UI exists to "invite" people to an "organisation" that is identified uniquely by your credential
  3. owner invites user Bob using an invite link and
  4. Bob sends a navigator.credentials.register request. This gets piped to Alice for approval (Maybe through WebRTC?)
  5. Alice sees the register request; including the group that Bob has access to and needs to click 'Approve'
  6. Alice signs the group claim with navigator.credentials.get and sends the result to Bob
  7. Bob stores the signature in largeBlob
  8. Bob presents the signature and Alice's public key on login to prove they're a member of Alice's org
  9. webauthn-oidc issues an ID token with Alice as audience and group set to the group in the signature

Webauthn-oidc does all the signature checking; and whoever trusts webauthn-oidc trusts the group claim that webauthn-oidc puts in the token

arianvp commented 2 years ago

Though there aren't any production keys on the market with largeBlob support, if I am to believe the MDS, Yubico is so kind as to provide me with a key that supports CTAP 2.1 / largeBlob.