Make user.displayName optional?

[emlun]

This was brought up in #1942: Since PR #1932, the description of PublicKeyCredentialUserEntity.displayName includes:

[...] If no suitable or human-palatable name is available, the Relying Party SHOULD set this value to an empty string.

The motivation for this being that setting displayName to empty seemed preferable to setting both name and displayName to the same value. With this in mind, should PublicKeyCredentialUserEntity.displayName be made optional, defaulting to an empty string?

[emlun]

This change may be backwards-incompatible: RPs would still have to set a displayName value in case the browser hasn't yet updated to WebAuthn L3 and therefore would return an error instead of assigning displayName the new default value.

[MasterKale]

There's too much of a foot gun for RP's right now to consider omitting displayName when displayName: "" would maintain backwards compatibility with clients that hadn't updated to support optional displayName, if that change were to be made to the spec.

I vote we close this issue out, the benefits don't seem to outweigh the potential risks.