Issue WebAuthn assertion options bound to a user_code
Sessions
Issue WebAuthn assertion options bound to a user_code
Dashboard-side. Looks up the pending session by user_code, issues a
WebAuthn challenge bound to verify_session + { user_code }. Requires
the owner to have at least one enrolled passkey.
POST
Issue WebAuthn assertion options bound to a user_code
