Because:
- On iOS/WebKit < 26.5.1, PublicKeyCredential.toJSON() crashes the WebContent
renderer (an uncatchable trap) when a prf extension output is present,
producing an infinite passkey-setup loop.
This commit:
- serializes the credential by hand from the WebAuthn Level 2 getters (rawId,
response.*, getClientExtensionResults) on both create and get, avoiding the
native toJSON() crash path.
- replaces the Level 3 parse-helper gate with a Level 2 baseline check
(isWebAuthnSupported) and decodes request options by hand, broadening passkey
support to all WebAuthn-L2 browsers.
- extracts shared base64url helpers (lib/base64url.ts) used by the serializer
and the WebAuthn helper storybook.
- syncs the functional-test WebAuthn polyfill to the L2-getter/serialize
contract and hardens it to reject malformed native options, and adds a
Chromium CDP virtual-authenticator smoke test exercising the real WebAuthn
stack end-to-end.
Issue: FXA-13991