Move //device/u2f to //services/device once U2F bluetooth and CTAP support are in place and we have a better understanding of the appropriate layering. We are waiting because CTAP support might necessitate refactoring //device/u2f, and bluetooth support has some UI requirements. We may also be able to push more from the browser process in authenticator_impl to the U2F service once we have all the pieces together.

The proposed mojom at this time, for the record:
enum U2fError {
  FAILURE,
  INVALID_PARAMS,
  CONDITION_NOT_SATISFIED,
};

interface U2fRequestClient {
  OnSuccess(array<uint8> response);
  OnError(U2fError error);
};

interface U2fService {
  Register(array<uint8> challenge_hash, array<uint8> app_param, U2fRequestClient client);
  Sign(array<array<uint8>> registered_keys, array<uint8> challenge_hash, array<uint8> app_param, U2fRequestClient client);
};