fido: Exempt platform authenticators from user-verification enforcement

In MakeCredential, if the authenticator has user verification "supported
and configured" and the request is not u2f only, user verification
requirement is forced to be "required". This change exempts platform
authenticators from this enforcement.

Change-Id: I7120e1a5c2ffd6064d29d47da64142918767a60d
Bug: none
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2124236Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#755477}

device/fido/make_credential_request_handler.cc

@@ -350,11 +350,14 @@ void MakeCredentialRequestHandler::DispatchRequest(
     // order to create a credential (as specified by CTAP 2.0), even if
     // user-verification is "discouraged". However, if the request is U2F-only
     // then that doesn't apply and UV must be set to discouraged so that the
-    // request can be translated to U2F.
+    // request can be translated to U2F. Platform authenticators are exempted
+    // from this UV enforcement.
     if (authenticator->Options()->user_verification_availability ==
             AuthenticatorSupportedOptions::UserVerificationAvailability::
                 kSupportedAndConfigured &&
-        !request_.is_u2f_only) {
+        !request_.is_u2f_only &&
+        authenticator->AuthenticatorTransport() !=
+            FidoTransportProtocol::kInternal) {
       if (authenticator->Options()->supports_uv_token) {
         authenticator->GetUvToken(
             base::BindOnce(&MakeCredentialRequestHandler::OnHaveUvToken,