Remove auto-trigger of passkey authentication on page load

Safari's WebAuthn dialog can become undismissable when invoked without
a user gesture. Always require the user to click "Continue with Passkey"
instead of auto-triggering navigator.credentials.get().

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app/javascript/controllers/webauthn_controller.js

@@ -49,11 +49,9 @@ export default class extends Controller {
           }
         });
 
-        // Auto-trigger passkey authentication if required, or if user has both
-        // webauthn and TOTP (to save them from the password→TOTP flow)
-        if (data.requires_webauthn || (data.has_webauthn && data.has_totp)) {
-          setTimeout(() => this.authenticate(), 100);
-        }
+        // Don't auto-trigger navigator.credentials.get() — Safari's WebAuthn
+        // dialog can become undismissable when invoked without a user gesture.
+        // Always let the user click "Continue with Passkey" instead.
       } else {
         console.debug("No WebAuthn credentials found for this email");
       }