fido2: properly handle case when no PINs are specified during auth

Also, drop redundant check for has_client_pin, which can never happen,
since we already filtered this case a bit further up.