DEV: Refactor webauthn to support passkeys (1/3) (#23586)

This is part 1 of 3, split up of PR #23529. This PR refactors the
webauthn code to support passkey authentication/registration.

Passkeys aren't used yet, that is coming in PRs 2 and 3.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

spec/lib/discourse_webauthn/challenge_generator_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+RSpec.describe DiscourseWebauthn::ChallengeGenerator do
+  it "generates a DiscourseWebauthn::ChallengeGenerator::ChallengeSession with a challenge" do
+    session = DiscourseWebauthn::ChallengeGenerator.generate
+    expect(session).to be_a(DiscourseWebauthn::ChallengeGenerator::ChallengeSession)
+    expect(session.challenge).not_to eq(nil)
+  end
+
+  describe "ChallengeSession" do
+    describe "#commit_to_session" do
+      let(:user) { Fabricate(:user) }
+
+      it "stores the challenge in the provided session object" do
+        secure_session = {}
+        generated_session = DiscourseWebauthn::ChallengeGenerator.generate
+        generated_session.commit_to_session(secure_session, user)
+
+        expect(secure_session["staged-webauthn-challenge-#{user&.id}"]).to eq(
+          generated_session.challenge,
+        )
+      end
+    end
+  end
+end