Password requirement for WebAuthn external key (like YubiKey) should be optional

[krambrock]

When using a YubiKey for WebAuthn MFA, a password is mandatory for the key. Other platforms and applications (such as Google and Proxmox) permit the use of the key without a password, which, in my opinion, is more practical as a second factor of authentication.

I've briefly looked through the code in your repository at https://github.com/NHAS/webauthn but couldn't pinpoint the exact location where this configuration might be modified. Could you provide some guidance on how to adjust this setting?