Implement WebAuthn passkey authentication

Add complete WebAuthn support for passkey registration and authentication:
- Install @simplewebauthn/server for WebAuthn utilities
- Create passkey-helpers.ts with base64url/Uint8Array conversion utilities
- Create webauthn.ts with registration/authentication option generation and verification
- Create context.ts with API context types
- Implement all WebAuthn router handlers (createRegistrationOptions, verifyRegistration, createAuthenticationOptions, verifyAuthentication)
- Implement passkey management handlers (listPasskeys, createPasskey, renamePasskey, deletePasskey)
- Add WebAuthn configuration constants and environment variables

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/index.ts

@@ -1,10 +1,19 @@
+import type { APIContext } from "./context.js";
 import { RPCHandler } from "@orpc/server/fetch";
-import { DEFAULT_PORT } from "./constants.js";
+import { createDb } from "@reviq/db";
+import {
+  DEFAULT_PORT,
+  DEFAULT_RP_NAME,
+  getAllowedOrigins,
+} from "./constants.js";
 import { router } from "./router.js";
 
+const db = createDb();
 const handler = new RPCHandler(router);
 
-const port = import.meta.env.PORT ?? DEFAULT_PORT;
+const port = Bun.env.PORT ?? DEFAULT_PORT;
+const allowedOrigins = getAllowedOrigins();
+const rpName = Bun.env.RP_NAME ?? DEFAULT_RP_NAME;
 
 Bun.serve({
   port,
@@ -12,8 +21,20 @@ Bun.serve({
     const url = new URL(request.url);
 
     if (url.pathname.startsWith("/api/v1/rpc")) {
+      // Build context for the request
+      const origin =
+        request.headers.get("origin") ?? `http://localhost:${String(port)}`;
+
+      const context: APIContext = {
+        db,
+        origin,
+        allowedOrigins,
+        rpName,
+      };
+
       const { response } = await handler.handle(request, {
         prefix: "/api/v1/rpc",
+        context,
       });
       return response ?? new Response("Not Found", { status: 404 });
     }