Webauthn CLI login could be much easier

[indirect]

1. Webauthn tokens include user identity, so we could allow gem signin to jump straight to the browser-based webauthn flow:

$ gem signin
Signing in to RubyGems.org. Don't have an account yet? Create one at https://rubygems.org/sign_up
Username/email:  [press enter to provide a passkey in your web browser]

2. Other CLIs that provide web-based login allow you to skip copying and pasting the URL (or clicking on it, if your terminal supports that). For example, Stripe prints the URL but then lets you push enter to open that page in your browser:

Your pairing code is: a-b-c-d
This pairing code verifies your authentication with Stripe.
Press Enter to open the browser or visit https://dashboard.stripe.com/stripecli/confirm_auth?t=abcd (^C to quit)
⣷Waiting for confirmation...

3. The Webauthn path is completely separate from the OTP code path, but a good user experience would let you open the browser URL, try webauthn, realize you don't have your passkey, and then provide an OTP code instead (if you have one) to finish auth. We should provide a good web experience rather than a message that says the user should hit control-C and try again with the --otp flag provided up front.

4. The CLI should abort after however long the URL is good for. Today, it waits well after visiting the URL will show the message "The token in the link you used has either expired or been used already."

Here's what combining 2, 3, and 4 might look like:

$ gem signin
Signing in to RubyGems.org. Don't have an account yet? Create one at https://rubygems.org/sign_up
Username/email:  andre@arko.net
Password: xxxx

API Key name [machine.name-user-20240515190158]:
The default access scope is:
  index_rubygems: y

Do you want to customise scopes? [yN]

You have enabled multi-factor authentication. Press enter or browse to https://rubygems.org/auth_verification/QDccftuVuy?port=56418 so you can authenticate.
Waiting for up to one minute...