Because:
- The passkey routes needs to enforce business rules before touching the database
This commit:
- Implements PasskeyManager with the full passkey lifecycle: register, post-auth update, list, rename, delete, and bulk delete
- Adds name validation (empty/whitespace/too long) with PasskeyInvalidNameError (errno 229)
- Tightens updatePasskeyName to match on both uid and credentialId, preventing cross-user renames
- Guards maxPasskeysPerUser config with @Min(1) to prevent accidentally disabling registration
- Adds unit and integration tests for the manager
Closes #FXA-13064