nhost / hasura-auth

Authentication for Hasura.
https://nhost.io
MIT License

feat: added endpoint to "elevate" permissions using webauthn #451

Closed dbarrosop closed 5 months ago

dbarrosop commented 7 months ago

The idea is to provide /elevate/webauthn and /elevate/webauthn/verify endpoints that work exactly like their /signin equivalents with the following differences:

  1. Elevate requires a valid access token in the Authorization header matching the email triggering the challenge.
  2. The session returned includes the added claim X-Nhost-Auth-Elevated: user-uuid

The idea is to allow users to add an extra security step before performing certain operations. For instance, a user could:

  1. Allow the role user to select settings or view their profile.
  2. In addition, require the custom claim X-Nhost-Auth-Elevated: user-uuid to update/delete.

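The permission model sketched in the description, as an added example that is not part of this PR or of hasura-auth: the `profiles` table, the `canUser` helper, the simplified rule evaluator and the uuid values are assumptions made for the example.

```typescript
// Added example, not hasura-auth's own code: models how the X-Nhost-Auth-Elevated
// claim proposed in this PR can gate update/delete in Hasura permission rules.
// In a Hasura permission, a string value such as "X-Hasura-User-Id" refers to a
// session variable of the request; the rule passes when the column equals it.
type SessionVars = Record<string, string | undefined>;
type Row = Record<string, string>;
type EqFilter = { [column: string]: { _eq: string } };
type AndFilter = { _and: Filter[] };
type Filter = EqFilter | AndFilter;

// Item 1 of the description: the role may select its own profile row.
const OWN_ROW: Filter = { id: { _eq: "X-Hasura-User-Id" } };
// Item 2: update/delete additionally require the elevated claim to carry the
// caller's own uuid, so a session elevated for someone else does not pass.
const OWN_ROW_ELEVATED: Filter = {
  _and: [OWN_ROW, { id: { _eq: "X-Nhost-Auth-Elevated" } }],
};
// Permission set for the "user" role on a hypothetical "profiles" table.
const USER_ROLE_PROFILES: Record<"select" | "update" | "delete", Filter> = {
  select: OWN_ROW,
  update: OWN_ROW_ELEVATED,
  delete: OWN_ROW_ELEVATED,
};

function isAnd(f: Filter): f is AndFilter {
  return Array.isArray((f as AndFilter)._and);
}

// Simplified evaluator written for this example (assumption: a model of the rule
// semantics, not Hasura's engine). An absent session variable never matches, so a
// non-elevated session is denied wherever the elevated claim is required.
function rowAllowed(filter: Filter, row: Row, session: SessionVars): boolean {
  if (isAnd(filter)) {
    return filter._and.every((f) => rowAllowed(f, row, session));
  }
  return Object.entries(filter).every(([column, { _eq }]) => {
    const expected = session[_eq];
    return expected !== undefined && row[column] === expected;
  });
}

function canUser(action: "select" | "update" | "delete", row: Row, session: SessionVars): boolean {
  return rowAllowed(USER_ROLE_PROFILES[action], row, session);
}
```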

changeset-bot[bot] commented 7 months ago

🦋 Changeset detected

Latest commit: 0c2ff8b95cfcadd12d64ed49a59455715f92d2de

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

| Name | Type |
| ----------- | ----- |
| hasura-auth | Minor |
