don't swallow restricted characters in webauthn/totp names

Actually we want the name of a TOTP or Webauthn to match /[a-zA-Z0-9\-]+/ since we use as an identifier in different places, where properly sanitizing a UTF-8 value becomes tricky.

However, it seems that we just swallow the name and you are still allowed to enter them.

We should probably validate this upfront and give feedback of what is a valid name.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information