feat(passkey): expose AAGUID in passkey API response and accept optional friendly name during registration

[Diizzayy]

Summary

• Expose the authenticator's AAGUID in passkey list and registration verify responses
• Accept an optional friendly_name parameter during registration verify, falling back to the existing AAGUID-based default when omitted

Motivation

AAGUID in responses: The AAGUID is already stored on the WebAuthnCredential model but was never surfaced to API consumers. Clients need this to display provider-specific context, for example, showing the Google, iCloud Passkey, or 1Password icon next to each passkey in a management UI. Without it, every passkey looks identical, making it harder for users to distinguish between credentials from different providers.

friendly_name at registration: Currently, clients that want a custom passkey name (e.g. "Google Password Manager (Mar 14, 2026, 2:30 PM)") must register the passkey first, then immediately make a second PATCH request to rename it. Since the AAGUID is available in the authenticatorData returned by the browser's WebAuthn ceremony, clients can resolve the provider name before the verify call. Accepting friendly_name during registration eliminates that extra round-trip while remaining fully backward-compatible, omitting it preserves the existing AAGUID-based default name.

p.s. @fadymak have a look and let me know your thoughts