feat(pin): add persistent token store trait and HID plumbing (2/5)

[AlfioEmanueleFresta]

Part 2 of 5 in a stack: #231, #232 (this), #233, #234, #235

This stack adds support for persistent pinUvAuthTokens (the CTAP 2.2+ pcmr permission), so a credential manager can list passkeys without re-prompting for the PIN on every launch or replug. Read-only credential management only.

This PR

The storage abstraction, with no flow changes yet:

• Adds a caller-supplied store trait for persistent tokens, plus an in-memory implementation for tests and single-process use.
• Wires the store through the USB (HID) channel.
• Documents the security contract. A persistent token is a long-lived secret, so production callers must provide durable, access-controlled storage. The library ships only the in-memory default and does not pick a backend.