Consider only blinking useful tokens from DeviceSelector

[jschanck]

If a user has multiple connected tokens, we should only blink the ones that are "useful" for the request. For instance, if the request requires user verification, we should only blink tokens capable of UV.

We have to be careful to blink at least one token, i.e. we shouldn't leak the fact that none of the user's tokens are suitable, but otherwise this seems like it would improve user experience.