1. Passwordless toggle in Settings is now hidden when admin hasn't
enabled allow_passwordless in system config (or when user already
has it enabled — so they can still disable it). Backend exposes
allow_passwordless in /auth/status response.
2. Remove auto-trigger passkey ceremony on lock screen — previously
fired immediately when session locked for passwordless users.
Now waits for user to click "Unlock with passkey" button.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Kyle Pope
1b868ba503