crosser / pam_pcsc_cr

PAM module for challenge-response over PC/SC. Supports YubikeyNEO.

Support non-smartcard (HID feature) interface, including OnlyKey #2

Open onlykey opened 5 years ago

onlykey commented 5 years ago

Following up from another discussion. I would like to discuss further supporting OnlyKey. Probably the first thing to mention is OnlyKey currently does not have a CCID usb interface. It supports challenge-response the same way as Yubikey which actually uses a USB keyboard interface. The communication is accomplished by sending HID feature reports (8 bytes of data at a time). One advantage of this approach is no UDEV rule is required as USB HID keyboards are supported natively.

crosser commented 5 years ago

Thank you for the suggestion. I generally disapprove of using USB-HID interface in a security gadget, because that

  1. makes it unusable in other-than-desktop context (tablets and phones), and
  2. potentially increases attack surface.

That said, supporting a popular interface that is also used by low-end yubikeys would be a useful improvement to this PAM module, so I am keeping this open as a potential TODO item. Thanks again!

onlykey commented 5 years ago

@crosser Another common interface used by security devices is USB HID (FIDO U2F). This USB HID interface is different from using the keyboard interface. It generally communicates via 64 bytes in/out. This would also be something to consider supporting as this is supported by many devices. Yubico has a PAM-U2F module.