cedarcode / webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
https://rubygems.org/gems/webauthn
MIT License

Support FIDO metadata service version 3 for attestations #375

Status: Closed (tcannonfodder closed 1 year ago)

tcannonfodder commented 1 year ago

From https://developers.yubico.com/WebAuthn/Concepts/Securing_WebAuthn_with_Attestation.html#_recommendations

You can find the root certificates used to sign attestations on manufacturer websites (Yubico’s is here) or in the FIDO metadata service version 3.

The FIDO Alliance Metadata Service (MDS) is a centralized repository of the Metadata Statement that is used by the relying parties to validate authenticator attestation and prove the genuineness of the device model. MDS also provides information about certification status of the authenticators, and found security issues. Organizations deploying FIDO Authentication are able to use this information to select specific certification levels as required for compliance, and work through the security notifications to ensure effective incident response.

From https://fidoalliance.org/metadata/
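
A sketch of how a relying party could act on the certification status and security notifications that the MDS description above mentions, as an added example (not code from webauthn-ruby or fido_metadata). It assumes the MDS3 BLOB's JWT signature has already been verified and its payload decoded; `mds_policy_check`, the AAGUIDs and the sample payload are constructed for illustration.

```ruby
require "json"
require "date"

# AuthenticatorStatus values in MDS3 that report a security issue.
SECURITY_ISSUES = %w[
  USER_VERIFICATION_BYPASS ATTESTATION_KEY_COMPROMISE
  USER_KEY_REMOTE_COMPROMISE USER_KEY_PHYSICAL_COMPROMISE REVOKED
].freeze

# Certification statuses, lowest to highest.
LEVELS = %w[
  FIDO_CERTIFIED_L1 FIDO_CERTIFIED_L1plus FIDO_CERTIFIED_L2
  FIDO_CERTIFIED_L2plus FIDO_CERTIFIED_L3 FIDO_CERTIFIED_L3plus
].freeze

# Hypothetical policy helper. Returns [decision, detail].
def mds_policy_check(payload, aaguid, min_level:, today: Date.today)
  required = LEVELS.index(min_level) or raise ArgumentError, "unknown level"
  entry = payload.fetch("entries", []).find { |e| e["aaguid"].to_s.casecmp?(aaguid) }
  return [:reject, "no MDS entry"] unless entry

  # Ignore reports that are not yet in effect on the evaluation date.
  reports = entry.fetch("statusReports", []).select do |r|
    r["effectiveDate"].nil? || Date.iso8601(r["effectiveDate"]) <= today
  end

  # Conservative: any reported security issue rejects the model, even if a
  # later report describes a fix for newer authenticator versions.
  issue = reports.find { |r| SECURITY_ISSUES.include?(r["status"]) }
  return [:reject, issue["status"]] if issue

  best = reports.map { |r| LEVELS.index(r["status"]) }.compact.max
  return [:reject, "below #{min_level}"] if best.nil? || best < required

  [:accept, LEVELS[best]]
end

# Constructed sample payload (not real MDS data).
SAMPLE = JSON.parse(<<~JSON)
  {"no": 1, "nextUpdate": "2099-01-01", "entries": [
    {"aaguid": "00000000-0000-0000-0000-000000000001", "statusReports": [
      {"status": "FIDO_CERTIFIED_L1", "effectiveDate": "2020-01-01"},
      {"status": "FIDO_CERTIFIED_L2", "effectiveDate": "2021-06-01"}]},
    {"aaguid": "00000000-0000-0000-0000-000000000002", "statusReports": [
      {"status": "FIDO_CERTIFIED_L1", "effectiveDate": "2020-01-01"},
      {"status": "REVOKED", "effectiveDate": "2022-03-01"}]}
  ]}
JSON
```

The `today:` argument lets the same policy be replayed against a past date, which is useful when reviewing registrations made before a status change.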

brauliomartinezlm commented 1 year ago

Hi @tcannonfodder, thank you for opening this issue! Our usage of FIDO MDS is actually handled in a separate gem. Would you mind opening an issue there if there's an update to the spec? https://github.com/bdewater/fido_metadata

tcannonfodder commented 1 year ago

Oh, I didn't know! I’ll do that, and open up a separate PR here to update the docs :)