Return 400 instead of 500 when Origin is missing from FIDO2 requests

[abergs]

Description

Validate Origin in GetFido2Instance so a null value throws an ApiException(400) instead of letting the Fido2 library blow up with an unhandled ArgumentNullException.

Shape

Adds e2e tests and validation.

Screenshots

Checklist

I did the following to ensure that my changes were tested thoroughly:

• __

I did the following to ensure that my changes do not introduce security vulnerabilities:

• __

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 36.81%. Comparing base (279497d) to head (7f6bbf4).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #840   +/-   ##
=======================================
  Coverage   36.80%   36.81%           
=======================================
  Files         586      586           
  Lines       31474    31476    +2     
  Branches      903      904    +1     
=======================================
+ Hits        11585    11587    +2     
  Misses      19742    19742           
  Partials      147      147           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.