This interplays with #136. Firefox will want to ship authenticator-rs using NSS (via something like neqo-crypto), however that makes compilation in CI complex. Let's add a trait and a runtime selector to switch between ring and not, for at least sign/verify.