add webauthn crud endpoints

added some simple validation to the delete endpoint for sanity, but
generally my assumption is that more validation will happen on the admin
side.

noteably im not checking whether the credentials are duplicated, nor is
there a uniqueness constraint in the database - I'm not sure if the
credential blob will always reliably be equivalent, and I believe the
browser should hopefully take care of dupes.

app/dao/webauthn_credential_dao.py

@@ -0,0 +1,39 @@
+from app import db
+from app.dao.dao_utils import autocommit
+from app.models import WebauthnCredential
+
+
+def dao_get_webauthn_credential_by_id(webauthn_credential_id):
+    return WebauthnCredential.query.filter_by(
+        id=webauthn_credential_id
+    ).one()
+
+
+@autocommit
+def dao_create_webauthn_credential(
+    *,
+    user_id,
+    name,
+    credential_data,
+    registration_response,
+):
+    webauthn_credential = WebauthnCredential(
+        user_id=user_id,
+        name=name,
+        credential_data=credential_data,
+        registration_response=registration_response
+    )
+    db.session.add(webauthn_credential)
+    return webauthn_credential
+
+
+@autocommit
+def dao_update_webauthn_credential_name(webauthn_credential, new_name):
+    webauthn_credential.name = new_name
+    db.session.add(webauthn_credential)
+    return webauthn_credential
+
+
+@autocommit
+def dao_delete_webauthn_credential(webauthn_credential):
+    db.session.delete(webauthn_credential)