Resolve issues of accessing settings object in parallel steps

[battre]

Solves #92

---

Preview | Diff

[equalsJeffH]

Overall the changes in this PR look fine, and it looks like it addresses the "accessing settings object in parallel steps" issues that exist in credman itself, though it does not address everything that webauthn needs.

A key item is that the create a credential alg needs to pass the current setting's object's origin to [[create]]() (see also further comments below: #93 (review))

More complexly, WRT webauthn, and credman upon return from webauthn's [[create]]() method, @domenic wrote in w3c/webauthn#472 (comment):

I think I would advise:

• [...]
• It never returns actual JS objects or messes with actual JS globals. Instead it returns the necessary data to create one. (Perhaps as an Infra struct.)
  • This also needs to be done for the exceptions, actually.
• The "request a credential" operation, after synchronously retrieving the error code or data necessary to create a credential, posts a task (going "back to the main thread") to actually do the object/exception creation and resolve/reject the promise.

Presently webauthn, in #createCredential's current step 26, does "mess with actual JS globals" in constructing a new PublicKeyCredential object to return to it's caller (credman's create a credential).

Given @domenic's feedback, and in looking at WebAssembly/design#1093 (now merged into here: https://github.com/WebAssembly/design/blob/master/Web.md), it seems to me the way to fix this up is to:

• update webauthn's #createCredential alg to not do "in parallel", and to return its data as a struct to its caller.
• specify, as a new subsection of #createCredential, the set of steps its caller needs to execute in order to take the returned struct and map it into a new PublicKeyCredential](http://w3c.github.io/webauthn/#publickeycredential) object alloc'd associated with the caller's global object.
• do the same for webauthn's #getAssertion
• update credman's create a credential aka create() and request a credential aka get() algs to execute steps supplied by the callee's [[create]](options, origin) and [[DiscoverFromExternalSource]](options) specifications upon the callee's return, in order to take the returned data and map it into a proper flavored new cedential object associated with the caller's global.

I'll work on a PR for credman to do this, building on this PR. for webauthn, I'll update the existing PR w3c/webauthn#498

pls let me know if I'm missing something....

[equalsJeffH]

A key item is that the create a credential alg needs to pass the current setting's object's origin to [[create]](), since webauthn's [[create]]() method (aka #createCredential) plugs in there and needs the relevant origin.

It looks to me like credman's [[CollectFromCredentialStore]](options) internal method was modified to be passed origin rather than modifying credman's [[create]]() internal method.

An adjunct thought/question that occurs to me is:

• perhaps all of credman's Credential Internal Methods ought to take an origin parameter? Tho, perhaps not all, e.g. [[store]]()?

see also further comments/thoughts in #93 (comment)

[equalsJeffH]

PR #100 works on addressing the items in the above review

[equalsJeffH]

shall we close this PR since it is effectively superseded by the now-merged PR #100 ?