fix: resolve WebAuthn passkey compatibility with py_webauthn 2.7.0

- Fix aaguid type (str not bytes) in registration verification
- Fix missing credential_backup_eligible field (use credential_device_type)
- Remove invalid credential_id param from verify_authentication_response
- Fix origin detection to use browser Origin header for WebAuthn verification
- Add async database engine support (aiosqlite) for passkey operations
- Convert UserDatabase to async-compatible with sync/async session detection
- Update Database class to support both sync and async context managers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/src/module/security/api.py

@@ -34,18 +34,18 @@ async def get_token_data(token: str = Depends(oauth2_scheme)):
     return payload
 
 
-def update_user_info(user_data: UserUpdate, current_user):
+async def update_user_info(user_data: UserUpdate, current_user):
     try:
-        with Database() as db:
-            db.user.update_user(current_user, user_data)
+        async with Database() as db:
+            await db.user.update_user(current_user, user_data)
         return True
     except Exception as e:
         raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
 
 
-def auth_user(user: User):
-    with Database() as db:
-        resp = db.user.auth_user(user)
+async def auth_user(user: User):
+    async with Database() as db:
+        resp = await db.user.auth_user(user)
         if resp.status:
             active_user.append(user.username)
         return resp