When we have some code merged, we should ideally get extension-phan and extension-seccheck running on the WebAuthn repo (like we do elsewhere and also on OATHAuth)
But extension-seccheck does have tests running on php70 built in... So we might want to use extension-seccheck-non-voting instead and just take note of php72 fails... Or rather than adding more skip-if for it...