WebAuthn changes required for production

[dd32]

After #153 was merged, I attempted to enable it on WordPress.org, but ran into a number of problems.

• The plugin doesn't handle shared user tables very well, and ended up creating tables such as buddypress_2fa_webauthn_credentials and would create wordcamp_2fa_webauthn_credentials too. Additionally it would run dbDelta() every load on those sites for some reason.
• Use WebAuthn as the alternate provider text on login 'aint great; Use the text "Use your security key" as the alternate provider text on the login screen. sjinks/wp-two-factor-provider-webauthn#468
• The WebAuthn plugin doesn't respect the revalidation process yet
• The WebAuthn plugin doesn't employ caching, and calls to ::is_available_for_user() trigger SQL queries on each call, this is mostly our problem as we're filtering the primary providers, so the additional caching is maybe irrelevant. Ref: Enable WebAuthn plugin in wp-admin #153 (comment)
• After registering a new Security key, we should bump the session revalidation time. Ref: Enable WebAuthn plugin in wp-admin #153 (comment)

See #114

[dd32]

The WebAuthn plugin doesn't respect the revalidation process yet

Note: That's a two-pronged approach:

• pre-ajax processing it aborts the request if the session isn't new enough
• It wraps the UI with <fieldset disabled> which renders the buttons inoperable, but the links still load the disabled UI. Not pretty but works.

The WebAuthn plugin doesn't employ caching

I'm not sure this is strictly required, but as I'd already written the code before I realised that, I included it here.

[iandunn]

LGTM 👍🏻