FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)

Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).

app/assets/javascripts/discourse/models/user.js.es6

@@ -21,7 +21,11 @@ import { defaultHomepage } from "discourse/lib/utilities";
 import { userPath } from "discourse/lib/url";
 import Category from "discourse/models/category";
 
-export const SECOND_FACTOR_METHODS = { TOTP: 1, BACKUP_CODE: 2 };
+export const SECOND_FACTOR_METHODS = {
+  TOTP: 1,
+  BACKUP_CODE: 2,
+  SECURITY_KEY: 3
+};
 
 const isForever = dt => moment().diff(dt, "years") < -500;
 
@@ -375,6 +379,19 @@ const User = RestModel.extend({
     });
   },
 
+  requestSecurityKeyChallenge() {
+    return ajax("/u/create_second_factor_security_key.json", {
+      type: "POST"
+    });
+  },
+
+  registerSecurityKey(credential) {
+    return ajax("/u/register_second_factor_security_key.json", {
+      data: credential,
+      type: "POST"
+    });
+  },
+
   createSecondFactorTotp() {
     return ajax("/u/create_second_factor_totp.json", {
       type: "POST"
@@ -409,6 +426,17 @@ const User = RestModel.extend({
     });
   },
 
+  updateSecurityKey(id, name, disable) {
+    return ajax("/u/security_key.json", {
+      data: {
+        name,
+        disable,
+        id
+      },
+      type: "PUT"
+    });
+  },
+
   toggleSecondFactor(authToken, authMethod, targetMethod, enable) {
     return ajax("/u/second_factor.json", {
       data: {