[Feature Request] Support fido2 hmac-secret

[ksy63]

The fido2 specification includes the hmac-secret extension that is supported by most vendors and can be used as substitude for a local password.

Recent contributions to systemd-homed have already provided an option to use hmac-secret for both login and automatic fscrypt decryption through pam. However, it would be great to have this feature available outside of systemd-homed as well.

A minor adjustment of the fscrypt-pam module could allow the use of the hmac-secret for fscrypt to provide the same functionality.

This could possibly be introduced as a fourth option during setup as well.

Related to #250

[stargazer1984]

Is there some way to sponsor this feature?
It sounds like it would not be too difficult to implement for someone familiar with pam modules and at the moment the only alternative is systemd-homed which still uses fscrypt v1 policy.