fix: use kSecAccessControlDevicePasscode as a fallback on IOS

[DorianMazur]

Closes #752

Added an LAContext capability check in SecAccessControlCreateFlags for iOS and visionOS.
If biometric flags are requested but no biometrics are enrolled, we now fall back to kSecAccessControlDevicePasscode.
This avoids Keychain creation failures on devices without Touch ID or Face ID configured.
Behavior remains unchanged when biometrics are available.