Advertise WebAuthn support (#29176)

This well-known indicates for password manager, that passkeys are supported.

source:
https://android-developers.googleblog.com/2023/10/make-passkey-endpoints-well-known-url-part-of-your-passkey-implementation.html

spec:
https://github.com/ms-id-standards/MSIdentityStandardsExplainers/blob/main/PasskeyEndpointsWellKnownUrl/explainer.md

routers/web/passkey.go

@@ -0,0 +1,24 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package web
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+type passkeyEndpointsType struct {
+	Enroll string `json:"enroll"`
+	Manage string `json:"manage"`
+}
+
+func passkeyEndpoints(ctx *context.Context) {
+	url := setting.AppURL + "user/settings/security"
+	ctx.JSON(http.StatusOK, passkeyEndpointsType{
+		Enroll: url,
+		Manage: url,
+	})
+}

routers/web/web.go

@@ -473,6 +473,7 @@ func registerRoutes(m *web.Route) {
 		m.Get("/change-password", func(ctx *context.Context) {
 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")
 		})
+		m.Get("/passkey-endpoints", passkeyEndpoints)
 		m.Methods("GET, HEAD", "/*", public.FileHandlerFunc())
 	}, optionsCorsHandler())