Passkeys implementation design - ADR

In #366758 we started work on what would be needed to add in Passkey/WebAuthn support to GitLab to allow for passwordless authentication. There are a few stubbed tasks to start work in this area:

  • FE - Add Passkey flow (Add Passkey Page) (#437809 - closed)
  • FE - Sign-in with Passkey flow (Without 2FA) (#438401 - closed)

But before then, we'd like to review the implementation plan and get app-sec input to ensure any security gaps aren't missed. We'd also want to start with a POC or the changes with an experimental feature flag.

We have strong support from community contributors for starting this work, so allocating 2-3w each milestone will likely provide bandwidth to complete MR reviews or share GitLab-specific context with the contributors.

Edited Dec 19, 2024 by Eduardo Sanz García