[PM-25473] Non-encryption passkeys prevent key rotation (#6359)

* use webauthn credentials that have encrypted user key for user key rotation

* where condition simplification

src/Core/Auth/Entities/WebAuthnCredential.cs

@@ -22,13 +22,30 @@ public class WebAuthnCredential : ITableObject<Guid>
     [MaxLength(20)]
     public string Type { get; set; }
     public Guid AaGuid { get; set; }
+
+    /// <summary>
+    /// User key encrypted with this WebAuthn credential's public key (EncryptedPublicKey field).
+    /// </summary>
     [MaxLength(2000)]
     public string EncryptedUserKey { get; set; }
+
+    /// <summary>
+    /// Private key encrypted with an external key for secure storage.
+    /// </summary>
     [MaxLength(2000)]
     public string EncryptedPrivateKey { get; set; }
+
+    /// <summary>
+    /// Public key encrypted with the user key for key rotation.
+    /// </summary>
     [MaxLength(2000)]
     public string EncryptedPublicKey { get; set; }
+
+    /// <summary>
+    /// Indicates whether this credential supports PRF (Pseudo-Random Function) extension.
+    /// </summary>
     public bool SupportsPrf { get; set; }
+
     public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
     public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;