Serialize attestation as webauthn

[msirringhaus]

This depends on PR #185 and tries to solve #183:

We deserialize from CTAP-format and serialize to webauthn-format.

This also simplifies the C-API a lot, with the only downside of needing to pass in the "force none attestation"-option.

If the token only speaks CTAP1, but the incoming user-request was 'CTAP2', this already works, thanks to #185. Only the pure CTAP1-case returns the raw data at the moment, and I think that case may go away entirely anyways.