AttestationParser

Parses WebAuthn registration responses to extract the P-256 public key.

Two extraction paths, tried in order:

1. Level 3 publicKey field — DER SubjectPublicKeyInfo, parsed via Java KeyFactory (preferred)

2. CBOR fallback — attestationObject → authData → COSE key → x/y coordinates

Google Password Manager uses none attestation by default, which simplifies parsing.