WebAuthn timeouts should not resolve the promise until the user has closed the timeout error dialog (if UI is enabled).

This is permitted by the current spec wording and no spec changes are needed: "In order to prevent information leak that could identify the user without consent, this step MUST NOT be executed before lifetimeTimer has expired."