feat(fido): model Backup Eligibility and Backup State auth-data flags #255

@AlfioEmanueleFresta

Description

Problem

AuthenticatorDataFlags in libwebauthn/src/fido.rs models bits 0x08 (RFU_2_1) and 0x10 (RFU_2_2) as reserved. Per WebAuthn L3 §6.1, these are Backup Eligibility (BE) and Backup State (BS). CTAP 2.1+ uses the same layout. The bits are already parsed and round-tripped (from_bits_truncate keeps all eight, and to_response_bytes() returns the verbatim raw authData from #249), but no named flag or accessor surfaces them, so callers must read raw bits or re-parse authData by hand.

Why it matters

BE indicates a credential is eligible to be backed up or synced across devices (set once at registration, immutable thereafter). BS indicates it is currently backed up. Integrations use these for backup-aware UX and WebAuthn signal flows. Named flags are also clearer than two meaningful bits called RFU_*.

What needs doing

  • Rename RFU_2_1 (0x08) to BACKUP_ELIGIBILITY and RFU_2_2 (0x10) to BACKUP_STATE in AuthenticatorDataFlags. Keep the bit values and from_bits_truncate path unchanged. Leave 0x02 and 0x20 reserved.
  • Add accessors like backup_eligible() and backed_up() on AuthenticatorData (and/or MakeCredentialResponse / GetAssertionResponse). This is platform-facing UX/signal state, not a getClientExtensionResults() output, so keep it out of the IDL/JSON response types.
  • Preserve exact byte round-tripping. Derive the flags from the parsed flags byte, consistent with the verbatim raw authData from fix(ctap2): preserve raw authenticatorData bytes #249. to_response_bytes() must keep returning raw bytes so the flags stay read-only.
  • Extend the round-trip tests in fido.rs (test_serialize_auth_data and the verbatim-bytes test) with a case where BE and BS are set.
  • Optional: BS should not be set without BE. If handled at all, only warn, never reject, to keep pass-through of the device's exact signed bytes.
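To make the proposed shape concrete, here is an added, self-contained sketch of the flags byte with BE and BS named, a parser for the fixed authData prefix, the two accessors, a warn-only BS-without-BE check and verbatim byte pass-through. It is example code written for this issue, not libwebauthn's code: the identifiers follow the issue text, but the struct layout, `backup_flags_warning()`, `ParseError` and the constructed sample authData (32 bytes of 0xAA, the flags byte, sign count 7) are assumptions, and the real crate uses `bitflags` rather than the hand-rolled newtype below.

```rust
// Added example for this issue, not libwebauthn's implementation.
// WebAuthn L3 §6.1 / CTAP 2.1 flags byte: bit 3 (0x08) is Backup Eligibility,
// bit 4 (0x10) is Backup State. 0x02 and 0x20 stay reserved.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct AuthenticatorDataFlags(u8);

impl AuthenticatorDataFlags {
    pub const USER_PRESENT: Self = Self(0x01);
    pub const RFU_1: Self = Self(0x02);
    pub const USER_VERIFIED: Self = Self(0x04);
    pub const BACKUP_ELIGIBILITY: Self = Self(0x08); // formerly RFU_2_1
    pub const BACKUP_STATE: Self = Self(0x10);       // formerly RFU_2_2
    pub const RFU_3: Self = Self(0x20);
    pub const ATTESTED_CREDENTIAL_DATA: Self = Self(0x40);
    pub const EXTENSION_DATA: Self = Self(0x80);

    /// Keep every bit, named or reserved, so unknown bits still round-trip.
    pub fn from_bits_truncate(bits: u8) -> Self { Self(bits) }
    pub fn bits(self) -> u8 { self.0 }
    pub fn contains(self, other: Self) -> bool { self.0 & other.0 == other.0 }
}

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError { TooShort }

pub struct AuthenticatorData {
    raw: Vec<u8>, // the exact bytes the authenticator signed over
    pub rp_id_hash: [u8; 32],
    pub flags: AuthenticatorDataFlags,
    pub sign_count: u32,
}

impl AuthenticatorData {
    /// Parses the fixed 37-byte prefix; attested credential data and
    /// extensions, if present, are left untouched inside `raw`.
    pub fn parse(raw: &[u8]) -> Result<Self, ParseError> {
        if raw.len() < 37 { return Err(ParseError::TooShort); }
        let mut rp_id_hash = [0u8; 32];
        rp_id_hash.copy_from_slice(&raw[..32]);
        let flags = AuthenticatorDataFlags::from_bits_truncate(raw[32]);
        let sign_count = u32::from_be_bytes([raw[33], raw[34], raw[35], raw[36]]);
        Ok(Self { raw: raw.to_vec(), rp_id_hash, flags, sign_count })
    }

    /// BE: the credential may be backed up or synced (fixed at registration).
    pub fn backup_eligible(&self) -> bool {
        self.flags.contains(AuthenticatorDataFlags::BACKUP_ELIGIBILITY)
    }

    /// BS: the credential is currently backed up.
    pub fn backed_up(&self) -> bool {
        self.flags.contains(AuthenticatorDataFlags::BACKUP_STATE)
    }

    /// BS without BE violates the spec's state machine. Report it so a caller
    /// can log it, but never reject: the signed bytes must pass through as-is.
    pub fn backup_flags_warning(&self) -> Option<&'static str> {
        if self.backed_up() && !self.backup_eligible() {
            Some("Backup State set without Backup Eligibility")
        } else {
            None
        }
    }

    /// Verbatim bytes: flags are derived from `raw`, never re-serialized into it.
    pub fn to_response_bytes(&self) -> &[u8] { &self.raw }
}

/// Constructed sample authData (assumption, not captured from a device):
/// rp_id_hash of 32 x 0xAA, the given flags byte, sign count 7.
pub fn sample_auth_data(flags: u8) -> Vec<u8> {
    let mut v = vec![0xAAu8; 32];
    v.push(flags);
    v.extend_from_slice(&7u32.to_be_bytes());
    v
}

fn main() {
    let raw = sample_auth_data(0x1D); // UP | UV | BE | BS
    let ad = AuthenticatorData::parse(&raw).expect("37-byte prefix present");
    println!("BE={} BS={} signCount={}", ad.backup_eligible(), ad.backed_up(), ad.sign_count);
    if let Some(w) = ad.backup_flags_warning() { eprintln!("warning: {w}"); }
    assert_eq!(ad.to_response_bytes(), &raw[..]);
}
```

The check in `backup_flags_warning()` is deliberately advisory: rejecting a response would break pass-through of the device's exact signed bytes, which is the invariant #249 established.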
