Add passkey option on TOTP page and auto-trigger passkey for TOTP users

When a user has both passkeys and TOTP configured, auto-trigger the
passkey flow on login to save them from the password→TOTP path. Also
add a "Use Passkey Instead" button on the TOTP verification page as
an escape hatch for users who end up there.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/controllers/webauthn_controller.rb

@@ -148,7 +148,8 @@ class WebauthnController < ApplicationController
     # Only return minimal necessary info - no user_id or preferred_method
     render json: {
       has_webauthn: user.can_authenticate_with_webauthn?,
-      requires_webauthn: user.require_webauthn?
+      requires_webauthn: user.require_webauthn?,
+      has_totp: user.totp_enabled?
     }
   end