fix(web-demo): pad base64url before atob in toArrayBuffer

passkey-crypto stores PRF salts and credential IDs as canonical
base64url (no padding). atob requires the input length to be a multiple
of 4 — without the padding it silently drops the trailing partial group
and the PRF extension receives a salt that's missing its last byte. That
bad salt produces a different PRF output, the derived password no
longer matches what attachPasskeyToWallet stored, and decryption fails
with ccm tag mismatch.

Pad with '=' up to the next multiple of 4 before atob.

Refs: WCN-194

TICKET: WCN-194

Author: derranW26

modules/web-demo/src/components/PasskeyDemo/index.tsx

@@ -166,7 +166,12 @@ function toArrayBuffer(val: any): ArrayBuffer {
     ) as ArrayBuffer;
   }
   if (typeof val === 'string') {
-    const b64 = val.replace(/-/g, '+').replace(/_/g, '/');
+    // Treat strings as base64url. Pad to a multiple of 4 before atob so
+    // unpadded base64url (the canonical form used by passkey-crypto) decodes
+    // correctly — without padding atob silently drops the trailing byte and
+    // the PRF receives the wrong salt.
+    let b64 = val.replace(/-/g, '+').replace(/_/g, '/');
+    while (b64.length % 4 !== 0) b64 += '=';
     const binary = atob(b64);
     const bytes = new Uint8Array(binary.length);
     for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);