LG-14052: Add routes for mismatched WebAuthn platform attachment #11795

Merged: aduth merged 2 commits into main from aduth-lg-14052-webauthn-mismatch-routes, Jan 24, 2025

@aduth aduth commented Jan 24, 2025

🎫 Ticket

LG-14052

🛠 Summary of changes

Adds new routes and controller actions for behaviors set to be introduced with #11788 / LG-14052.

This extracts the changes from #11788 to include everything except changes to the initial setup experience (setting up mismatched authenticator as the inferred type and redirecting to the mismatch confirmation screen).

📜 Testing Plan

Because these routes will validate on the user_session[:webauthn_mismatch_id] session value assigned in future (#11788) changes to WebauthnSetupController, it's not possible to visit the new screen without manually altering the user session:

  1. Prerequisite: Have an account with a Security Key or Face or Touch Unlock
  2. Add a binding.pry breakpoint to AccountsController#show
  3. Go to http://localhost:3000
  4. Sign in
  5. When breakpoint is reached, enter user_session[:webauthn_mismatch_id] = current_user.webauthn_configurations.pluck(:id).last
  6. Release breakpoint (Ctrl+D on macOS)
  7. Go to http://localhost:3000/webauthn_setup_mismatch
  8. Verify "Face or touch unlock detected" or "Security key detected" screen showed, depending on which MFA you have set up on your account
  9. Click "Continue" or "Undo"
  10. Observe that...
  • If you click "Continue", you return to account page
  • If you click "Undo", you're sent to the setup page for the inverse type of the screen shown. Returning to your account page should reveal that the authentication method is deleted.

👀 Screenshots

Language | Face or Touch Unlock | Security Key
English | ft-mismatch-en | sk-mismatch-en
Spanish | ft-mismatch-es | sk-mismatch-es
French | ft-mismatch-fr | sk-mismatch-fr
Chinese | ft-mismatch-zh | sk-mismatch-zh

changelog: Upcoming Features, Multi-Factor Authentication, Convert Security Key to Face or Touch Unlock when detected as platform authenticator
@aduth aduth requested a review from a team January 24, 2025 13:12

@kevinsmaster5 kevinsmaster5 left a comment

Changes look good to me.
Tested locally and confirm expected behavior.

@aduth aduth merged commit bfc5404 into main Jan 24, 2025
@aduth aduth deleted the aduth-lg-14052-webauthn-mismatch-routes branch January 24, 2025 16:43

rileyseaburg commented Jan 24, 2025

Just saw this in my feed and wanted to give a kudos. Happy to see the progress on WebAuthn implementation, it's not easy!
