Inject passkeys scripts at document_start

[varjolintu]

Loads passkey injection script at document start. It gives a higher probability to catch WebAuthn requests made by the browser. There are several sites that do this before the document loading is finished.

Also wraps the content of passkeys.js inside async so the variables and functions will no leak to the site.

Fixes #2431.
Fixes #2434.

Testing strategy

Manually. If Chromium based browser is used, the manifest_chromium.json must be copied manually over the default manifest.json.

Type of change

• ✅ Refactor (significant modification to existing code)

[dionorgua]

@varjolintu please let me know you need more testing from my side with Ping ID

[droidmonkey]

Will give this branch a solid test today

[a2kolbasov]

Manually tested in Firefox. On sites

• https://gitlab.com/
• https://accounts.zoho.eu/

the error is fixed, a passkey request occurs on the first try.

On https://app.simplelogin.io/ the script still doesn't have time to override properties before a request.

(location of console.debug)

diff --git a/keepassxc-browser/content/passkeys.js b/keepassxc-browser/content/passkeys.js
index 4ca7e9c..3da1638 100644
--- a/keepassxc-browser/content/passkeys.js
+++ b/keepassxc-browser/content/passkeys.js
@@ -207,6 +207,7 @@
         Object.defineProperty(window.PublicKeyCredential, 'isUserVerifyingPlatformAuthenticatorAvailable', {
             value: isUserVerifyingPlatformAuthenticatorAvailable,
         });
+        console.debug('[*] kpxc-passkeys loaded');
     } catch (err) {
         console.log('Cannot override navigator.credentials: ', err);
     }