Add comments explaining why WebAuthnCodecs needs some custom key parsing logic

Author: emlun

webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java

@@ -125,10 +125,13 @@ static PublicKey importCosePublicKey(ByteArray key)
     final int kty = cose.get(CBORObject.FromObject(1)).AsInt32();
     switch (kty) {
       case 1:
+        // COSE-JAVA is hardcoded to ed25519-java provider ("EdDSA") which would require an
+        // additional dependency to parse EdDSA keys via the OneKey constructor
         return importCoseEdDsaPublicKey(cose);
       case 2:
         return importCoseP256PublicKey(cose);
       case 3:
+        // COSE-JAVA supports RSA in v1.1.0 but not in v1.0.0
         return importCoseRsaPublicKey(cose);
       default:
         throw new IllegalArgumentException("Unsupported key type: " + kty);