Spring Security Use dependency injection in webauthn filters to allow for customization

Expected Behavior I expect to be able to provide my own implementations for PublicKeyCredentialCreationOptionsRepository and HttpMessageConverter when using passkeys/webauthn, specifically to be able to save/load the options outside of a session.

e.g.,

@Bean
SecurityFilterChain webAuthnFilterChain(HttpSecurity http) throws Exception {
  return http.webAuthn(webAuthn -> { ... }).build();
}

@Bean
B2cPublicKeyCredentialCreationOptionsRepository customCreationOptionsRepo() {
  return new MyCustomB2cPublicKeyCredentialCreationOptionsRepository();
}

Current Behavior The webauthn filters just initialize their own instances on construction: https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.java#L59

WebAuthnRegistrationFilter at least has a setter to update it, but I'd have to use reflection to update PublicKeyCredentialCreationOptionsFilter.

Context I have another server forwarding the webauthn requests to a spring boot server, and will be storing the state externally and not in a session. My current workaround is to use reflection to update the private fields to use my implementation of B2cPublicKeyCredentialCreationOptionsRepository, but I feel that dependencies should be injected so they can be customized.

Comment From: rwinch

@levimiller-qhrtech Thanks for creating this ticket. I agree with the requests you have made (we will split it into two features though).

@kse-music put together a PR, but I asked for some changes. I'm waiting to see if he will make some changes I requested (I'm hopeful he will as he is very active/excellent contributor).

Comment From: kse-music

@rwinch I have split it into two PR (#16396 and #16397 ), can you help me review the code.

Comment From: rwinch

Thanks to @kse-music this is now resolved in main!