fix(encryptid): allow all authenticator types during passkey registration

Remove authenticatorAttachment:'platform' constraint so Firefox (and all
browsers) show security keys, phone-as-authenticator, and PIN options
alongside biometrics when registering a new passkey.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/encryptid/webauthn.ts

@@ -133,9 +133,6 @@ export async function registerPasskey(
     throw new Error('WebAuthn is not supported in this browser');
   }
 
-  // Check platform authenticator availability
-  const platformAvailable = await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
-
   // Generate user ID (random bytes, not PII)
   const userId = crypto.getRandomValues(new Uint8Array(32));
 
@@ -178,9 +175,10 @@ export async function registerPasskey(
         // Require user verification (biometric/PIN)
         userVerification: cfg.userVerification,
 
-        // Prefer platform authenticator, but allow cross-platform (security keys,
-        // phone-as-authenticator) on devices without one (e.g. Linux desktops)
-        ...(platformAvailable ? { authenticatorAttachment: 'platform' as const } : {}),
+        // No authenticatorAttachment constraint — let the browser offer ALL options:
+        // platform (biometrics, PIN, Windows Hello), security keys, phone-as-authenticator.
+        // Previously forced 'platform' when available, which blocked cross-platform
+        // authenticators on Firefox and other browsers with limited platform UI.
       },
 
       // Don't request attestation (privacy)