* implementation of passkeys as an auth mech
* listing the current passkeys when asking to remove one
* tweaking insecure dev server config so passkeys will work
* Fix domain rename
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
* working on debian builds again
* github actions tweaks
* fixed a ref in the build script
* updating makefile targets to include build profile env
* updates to docs and makefiles
* Instead of wasm_bindgen creating a JS snippet to externalize code, we're now loading pure-JS util functions from wasmloader.js (#[wasm_bindgen(raw_module = "/pkg/wasmloader.js")])
* Sign out is now a confirmation box instead of "oh no I have to log back in because I'm clumsy and clicked a thing"
* Now using the urlencoding crate for encoding the TOTP URLs because string replacing encoded characters felt like writing our own crypto (and now you can call yourself whatever arbitrary string you want)
* This fixed an issue in the web UI where the "Add a TOTP" interface would show URL-encoded things, but also made things easier for consistency.
* Moved the other web middleware objects into the middleware module because the main module was getting a bit unwieldy.
* Started auto-generating the integrity hashes in a different way on start up, which removes a middleware doing random string replacements to inject them, and means we can update modules without having to manually update the string values in the HTML.
* account person extend was showing failure when succeeding
* first run on a user profile page, did some other CSS tweaks to the UI
* UI neatening, profile wireframing, robotstxt, PWA manifest
* adding domain_display_name to webmanifest
* removing confetti loader (we still package it, for now)
* 📎-happiness
* updating WASM build scripts and rebuilding
* updated CSP headers to change self to 'self' and remove some insecure https: options
