excludeList/allowList can be defaulted to a zero-length sequence in IDL instead of prose

[bzbarsky]

Instead of having https://w3c.github.io/webauthn/#dom-webauthentication-makecredential step 6 say

If excludeList is undefined, set it to the empty list.

it would probably be better to have the IDL for the ScopedCredentialOptions dictionary say:

sequence<ScopedCredentialDescriptor>  excludeList = [];

so you don't have to worry about this situation in prose at all.

[bzbarsky]

This applies to the allowList member of AssertionOptions too.

[equalsJeffH]

reopening because: excludeList aka excludeCredentials (along with allowList aka allowCredentials) was defined as defaulting to a zero-length sequence in commit 8963f21, but the = [] was dropped from excludeCredentials in some recent commit. We need to fix it.

[equalsJeffH]

I queued the fix for this in PR #495