Prevent security failure due to bad APP_ID

[zeripath]

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton art27@cantab.net

[lunny]

This PR fixed the first authentication failure problem when setup 2FA. But it still has not resolve the migrated U2F keys invalid problem. Of course I think that could be another PR.

[codecov-commenter]

Codecov Report

Merging #18678 (4611177) into main (4d93984) will decrease coverage by 0.00%.
The diff coverage is 38.59%.

@@            Coverage Diff             @@
##             main   #18678      +/-   ##
==========================================
- Coverage   46.64%   46.63%   -0.01%     
==========================================
  Files         846      846              
  Lines      121331   121367      +36     
==========================================
+ Hits        56595    56605      +10     
- Misses      57859    57888      +29     
+ Partials     6877     6874       -3     

Impacted Files	Coverage Δ
modules/setting/setting.go	45.77% <20.00%> (-0.34%)	⬇️
modules/queue/workerpool.go	51.44% <38.70%> (-4.43%)	⬇️
services/mirror/mirror.go	15.70% <41.17%> (+4.19%)	⬆️
models/unit/unit.go	47.82% <50.00%> (+0.92%)	⬆️
modules/queue/queue_bytefifo.go	47.60% <0.00%> (-1.85%)	⬇️
modules/queue/queue_disk_channel.go	60.66% <0.00%> (-1.26%)	⬇️
models/repo_list.go	75.66% <0.00%> (-0.49%)	⬇️
modules/queue/queue_channel.go	83.01% <0.00%> (ø)
... and 6 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4160aff...4611177. Read the comment docs.

[silverwind]

This kind of screams to be refactored using await 😉