fix(u2f): replace production assert! in U2F register response upgrade

`RegisterResponse::try_upgrade` asserts that the canonical CBOR
encoding of the synthesized COSE P-256 key is exactly 77 bytes. The
77-byte assumption holds for current `cosey 0.3` output, but is
implementation-defined: a future `cosey` revision adding an optional
field (e.g., `kid`) would round-trip to a slightly different size and
panic the host process. The recent panic-removal pass (commit 5df814b)
missed this site because `clippy::panic` does not lint `assert!`.

Replace the assertion with a typed length check that returns
`Error::Platform(PlatformError::CryptoError(...))` on mismatch.

Author: AlfioEmanueleFresta

libwebauthn/src/ops/u2f.rs

@@ -89,7 +89,18 @@ impl UpgradableResponse<MakeCredentialResponse, MakeCredentialRequest> for Regis
             y: y.into(),
         });
         let cose_encoded_public_key = cbor::to_vec(&cose_public_key)?;
-        assert!(cose_encoded_public_key.len() == 77);
+        // Canonical CBOR encoding of the COSE P-256 key is 77 bytes for the
+        // fields we set; return a typed error if a future encoder change
+        // produces a different length rather than `assert!`-panicking.
+        if cose_encoded_public_key.len() != 77 {
+            error!(
+                len = cose_encoded_public_key.len(),
+                "COSE-encoded P-256 public key is not 77 bytes"
+            );
+            return Err(Error::Platform(PlatformError::CryptoError(
+                "unexpected COSE-encoded public key length".into(),
+            )));
+        }
 
         // Let attestedCredData be a byte string with following structure:
         //