Passkey / FIDO2 support

(in that bitwarden thread, creating the passkey off-device seems essential)

if the corp portals offer webauthn fully - you could also use a hardware key?