fix: provide domain in session, passkey and u2f (#6097)

This fix provides a possibility to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.

proto/zitadel/session/v2alpha/session.proto

@@ -39,6 +39,11 @@ message Session {
       description: "\"custom key value list\"";
     }
   ];
+  string domain = 7 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "\"domain on which the session was created\"";
+    }
+  ];
 }
 
 message Factors {

proto/zitadel/session/v2alpha/session_service.proto

@@ -245,6 +245,11 @@ message CreateSessionRequest{
     }
   ];
   repeated ChallengeKind challenges = 3;
+  string domain = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "\"Domain on which the session was created. Will be used for Passkey and U2F challenges.\"";
+    }
+  ];
 }
 
 message CreateSessionResponse{

proto/zitadel/user/v2alpha/user_service.proto

@@ -587,6 +587,11 @@ message RegisterPasskeyRequest{
       description: "\"Optionally specify the authenticator type of the passkey device (platform or cross-platform). If none is provided, both values are allowed.\"";
     }
   ];
+  string domain = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "\"Domain on which the user is authenticated.\"";
+    }
+  ];
 }
 
 message RegisterPasskeyResponse{
@@ -658,6 +663,11 @@ message RegisterU2FRequest{
       example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
     }
   ];
+  string domain = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "\"Domain on which the user is authenticated.\"";
+    }
+  ];
 }
 
 message RegisterU2FResponse{