forgeSigil

Create a passkey + derive its did:key. Triggers the platform's Credential Manager UI on activity; the user picks an authenticator (device biometric / hardware key / etc.) and authorizes the create.

Emits SigilStatus.Creating → SigilStatus.Forged on success, SigilStatus.Error on cancellation / RP-id mismatch / other failure. Successful forges are persisted via prefs so the next session resumes in Forged state without re-running this flow.