a suggestion for improving pkinit preauth plugin token choosing

[Sam Hartman]

I actually agree with henry that "please insert a token," should be out
of scope for preauth plugins.
My rationale is that the current prompter interface is kind of weak when
it interacts with GUIs etc, and the more we can avoid using it, the
better.

For example, what should that prompt read? "Press enter," may be right
for a CLI instance, but will be wrongish for gdm.

I suspect Henry and I may be in the rough on this point.