Adopt changes from level 3 of spec

[Firehed]

https://www.w3.org/TR/webauthn-3/

So far, I've found the following (non-comprehensive) list of changes:

• JSON format handling, as noted in Add/improve support for native JSON APIs #41
• Improved documentation of conditional mediation
• Flags for credential backup eligibility and state in authenticator data
• Explicit recommendation about the credential record to be associated with the user
  • type
  • id
  • publicKey
  • signCount
  • uvInitialized
  • transports[] (note: this doesn't appear to be part of the signed, trusted data)
  • backupEligible
  • backupState
  • ?attestationObject
  • ?attestationClientDataJSON
• Explicit recommendation of the max length of a credential (<= 1023 bytes; §7.1¶25)
• Addition of optional topOrigin and crossOrigin fields to ClientDataJSON
• Signing (authn) response can include an AttestationObject; additional parsing described §7.2¶25

[Firehed]

Note: I think the credential record changes specifically are going to necessitate some large modifications to the codec logic, and could result in a fairly major BC break.

[Firehed]

A couple additional notes:

• The CredentialInterface name has always been somewhat conflicting with how RP apps want to name the storage value. The new spec seems to lean towards credential record as suggested terminology.
• Handling the "only treat this as MFA if uvInitialized was already set" is difficult to navigate (§7.2¶26#3)