
Add support for Yubikey PGP and U2F features

Originally created by @sonicsnail on #11565 (Redmine)

The OpenPGP smartcard and FIDO U2F features of Yubikey hardware security keys don’t work in Linux unless you add special udev rules. Even if you add the rules, they aren’t persistent in Tails. This means it’s currently not practical to use Yubikeys’ OpenPGP smartcard and FIDO U2F features in Tails.

Yubico has already done the work of creating the udev rules and instructions for installing them:
https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
https://www.yubico.com/faq/enable-u2f-linux/

2. Go to https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules and download or create a copy of the file named 70-u2f.rules into the Linux directory:
/etc/udev/rules.d/
3. Save your file, and then reboot your system.

The problem is that in Tails, the rules currently aren’t persistent. You can’t reboot or you’ll lose the changes. You can run sudo udevadm control --reload-rules after adding the rules file to make the changes take effect, but it’s still a pain to have to do this every session. And adding the rules requires setting an admin password, which users shouldn’t always be doing. But if we can build the rules file into Tails, Yubikeys should work automatically by default.

More info about this and a tutorial on putting PGP keys on a Yubikey with Tails: https://gist.github.com/ageis/5b095b50b9ae6b0aa9bf
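
An added example, not part of the original report or of Yubico's instructions: the procedure above installs a downloaded rules file with admin rights, so this script refuses any file whose rules make udev run a program (RUN, PROGRAM, IMPORT{program}) and only then copies it into the rules directory. The function names, the sample rules and the ffff vendor ID are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a udev rules file before installing it as root.

# Keys that make udev execute a program when a rule matches, followed by
# any udev operator (=, ==, !=, +=, -=, :=).
EXEC_RE='(^|[[:space:],])(RUN(\{[a-z]+\})?|PROGRAM|IMPORT\{program\})[[:space:]]*[-+!:=]?='

# audit_udev_rules FILE -> 0 if no rule runs a program, 1 otherwise.
audit_udev_rules() {
    # Ignore comment lines, then search the remaining rules.
    if grep -Ev '^[[:space:]]*#' "$1" | grep -Eq "$EXEC_RE"; then
        echo "refusing $1: a rule executes a program" >&2
        return 1
    fi
    return 0
}

# install_udev_rules FILE DESTDIR -> copy FILE into DESTDIR with mode 0644,
# but only if the audit passes. DESTDIR is /etc/udev/rules.d/ on a real system.
install_udev_rules() {
    audit_udev_rules "$1" || return 1
    install -m 0644 "$1" "$2/$(basename "$1")"
}

# Constructed sample: an access-only rule for a USB HID token.
# ffff is a placeholder vendor ID, not a real device.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed example: let the logged-in user open the token's hidraw node
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="ffff", TAG+="uaccess"
EOF
}

# Constructed sample: the same match with a command attached, which the
# audit must reject.
write_tampered_rules() {
    cat > "$1" <<'EOF'
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="ffff", TAG+="uaccess", RUN+="/usr/bin/logger constructed"
EOF
}

# On a real system, after a successful install:
#   sudo udevadm control --reload-rules
```

The audit fails closed: a rule that merely mentions one of these keys inside a quoted value is also rejected and needs a manual look.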
