Add 3rd party securitykeys/passkeys applications for broader support

[ben-grande]

Current problem (if any)

libfido2 is not working with Qubes CTAP:

• CTAP proxy: libfido2 cannot detect Qubes CTAP proxy QubesOS/qubes-issues#9001

Administering a CTAP key from the client is prohibited:

• Create a CTAP Qrexec service to allow administration of security keys QubesOS/qubes-issues#9696

I tried to use the Yubikey app through CTAP proxy and it didn't work. Didn't test Nitrokey app through CTAP.

fido2-token allows to administer a passkey, but it doesn't really work with all implementations. I could not reset a Yubikey with it (fido2-token -R -c /dev/hidraw2) but I did with the Yubikey app. Maybe Nitrokeys also have this problem.

Proposed solution

Installation formula for security keys applications on tpl-sys-usb:

• https://developers.yubico.com/yubioath-flutter/Releases/
• https://docs.nitrokey.com/software/nk-app2/installation_linux#manual-installation

I am normally against installing applications from outside the repositories because it can become a maintenance burden. I also don't like when it is not vendor neutral, such as fido2-token, but it doesn't completely work.

Another problem of not being vendor neutral is getting more requests to add 10 more vendor apps.... in the eyes of the user, "if I commit to these ones, why not commit to every other app".

The value to a user, and who that user might be

Users will be able to fully control their passkey through a GUI interface that supports all options their keys use.