vertx-auth
WebAuthn: Add user id to PublicKeyCredentialsCreateOptions, Authenticator and WebAuthnCredentials (#580, #581)
Motivation:
Fixes #580 and #581
~For some reason the eclipsefdn/eca action doesn't find my ECA, which I have signed. The Eclipse Foundation portal shows it as signed, the email address should match the email address on the commit, and the GitHub username should match the username configured on the Eclipse Foundation account. :/~
Seemed to have resolved itself.
Updated the documentation also. Added a mention that it's up to the caller of `createCredentialsOptions` and `getCredentialsOptions` to store the challenge somewhere (with some ideas for where), so it can be retrieved in the second step.
Have to say, I don't super love that the `authenticate` method is the entrypoint for both registration and login. If the implementer isn't careful, it's all too easy to accept AuthenticatorAttestationResponse (webauthn.create) where AuthenticatorAssertionResponse (webauthn.get) is expected. This could open up a door to register an authenticator to another account through login.
To tackle this somehow, I mentioned in the documentation that, when storing the challenge, the implementer should scope the stored challenge to either login or registration, so it can only be used in that context. But maybe this is something we should tackle at the API level to prevent the possibility of the user making such a mistake.
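One way to implement the scoping the description asks for on the relying-party side, as an added Python example that is not part of this pull request or of vertx-auth: the stored challenge is bound to the ceremony it was issued for and consumed once, and the `type` field of clientDataJSON is re-checked against the expected ceremony so an attestation response cannot pass where an assertion is expected. The session id, origin and the `make_client_data` stand-in for browser output are assumptions.

```python
import base64
import json
import secrets
import time

# The two WebAuthn ceremonies, named by the clientDataJSON "type" the browser emits.
REGISTRATION = "webauthn.create"  # navigator.credentials.create() -> AuthenticatorAttestationResponse
LOGIN = "webauthn.get"            # navigator.credentials.get()    -> AuthenticatorAssertionResponse

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class ChallengeStore:
    """One-time challenges keyed by session id and bound to the ceremony they were issued for."""
    def __init__(self, ttl_seconds: int = 300):
        self.ttl = ttl_seconds
        self._entries = {}  # session_id -> (challenge, scope, issued_at)

    def issue(self, session_id: str, scope: str) -> str:
        challenge = b64url_encode(secrets.token_bytes(32))
        self._entries[session_id] = (challenge, scope, time.time())
        return challenge

    def consume(self, session_id: str, expected_scope: str):
        """Return the challenge only if it was issued for expected_scope; it is removed either way."""
        entry = self._entries.pop(session_id, None)
        if entry is None:
            return None
        challenge, scope, issued_at = entry
        if scope != expected_scope or time.time() - issued_at > self.ttl:
            return None
        return challenge

def verify_client_data(client_data_b64: str, expected_type: str, challenge: str, origin: str) -> bool:
    """Second line of defence: the response itself must say it came from the expected ceremony."""
    data = json.loads(b64url_decode(client_data_b64))
    return data.get("type") == expected_type and data.get("challenge") == challenge and data.get("origin") == origin

def finish_ceremony(store: ChallengeStore, session_id: str, scope: str, client_data_b64: str, origin: str) -> bool:
    """Relying-party side of step two; signature/attestation verification would follow a True result."""
    challenge = store.consume(session_id, scope)
    return challenge is not None and verify_client_data(client_data_b64, scope, challenge, origin)

def make_client_data(ceremony_type: str, challenge: str, origin: str) -> str:
    """Constructed stand-in for the clientDataJSON a browser would return (assumption, not real browser output)."""
    return b64url_encode(json.dumps({"type": ceremony_type, "challenge": challenge, "origin": origin}).encode())
```

In a real deployment the store would live in the session or a cache keyed by the session id, but the two checks (scoped one-time challenge, clientDataJSON type) are the same.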