signIn
Sign in with an existing passkey and pre-warm the wallet seed.
On a modern authenticator: one biometric prompt covers both the sigil DID derivation and the wallet seed pre-warm. On older authenticators: two biometric prompts (graceful fallback).
Side effects:
SigilStateStore gets the new sigil triple persisted (publicKeyHex stays empty — the assertion ceremony doesn't return the passkey's P-256 pubkey).
WalletSeedSource populates SeedVault with the derived BIP-39 seed so subsequent wallet ops hit cache.
Returns the SigilDerivation for the caller (typically the sigil panel ViewModel) to surface as SigilStatus.Forged.
Throws
if PRF is unavailable.
if the ceremony itself fails (cancellation, RP-id mismatch, missing credential).