Investigate callback-based API

[robin-nitrokey]

To avoid the need for owned Response types, we should investigate the use of a callback-based API in the Authenticator traits:

pub trait Authenticator {
    fn call_ctap2(&mut self, request: &Request<'_>, responder: ResponseBuilder<'_>) -> Result<Token<Operation>>;
}

Or:

pub trait Authenticator {
    fn call_ctap2<F>(&mut self, request: &Request<'_>, responder: F) -> Result<Token<Operation>>
    where
        F: impl FnOnce(&Response) -> Token<Operation>;
}

We could still enforce that exactly one response of the correct type is generated by consuming the responder and producing a Token that needs to be returned.

Goals:

• avoid allocations
• reduce stack usage and binary size
• reduce code duplication in ctap-types (owned and borrowed)
• reduce the need for fixed-sized buffers (reduce maintenance and complexity)