This flow is triggered when the user deletes a from the UI.
Sync Factors are not manually removed by the user. Their removal is usually done through other flows (e.g. when logging out).
Currently, Passkeys are enrolled into Turnkey to provide a fallback mechanism in case a Sync Factor is no longer available. When the requested operation cannot be completed with the Sync Factor (see PUBLIC_KEY_NOT_FOUND error), the client will use the Passkey to execute the operation instead.
Transitory: Currently, removing a Passkey factor while there is still an OIDC factor is not supported. This is because a Passkey factor is required to manage other factors (restriction on backup-service when adding other factors) and the Passkey is used to recover access to Turnkey should the Sync Factor fail.
Future Note: The current flow assumes that Turnkey is only used for OIDC Factors. This may change in the future (e.g. to support non-PRF Passkeys).
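The removal restriction and the Passkey fallback described above, sketched as an added example (not code from this project). All names except the PUBLIC_KEY_NOT_FOUND error code are hypothetical, the signers are synchronous stand-ins for the real client calls, and surfacing every other error instead of falling back is an assumption.

```javascript
// Added illustration. Every name here except the PUBLIC_KEY_NOT_FOUND
// error code is hypothetical; signers are synchronous stand-ins.
class FactorError extends Error {
  constructor(code) {
    super(code);
    this.code = code;
  }
}

// Decide whether the UI may remove `target` given the enrolled factors.
function checkRemoval(factors, target) {
  if (target.type === "sync") {
    return { allowed: false, reason: "sync factors are removed by other flows" };
  }
  const oidcRemains = factors.some((f) => f.type === "oidc" && f.id !== target.id);
  if (target.type === "passkey" && oidcRemains) {
    return { allowed: false, reason: "passkey is required while an OIDC factor remains" };
  }
  return { allowed: true, reason: null };
}

// Try the Sync Factor first; use the Passkey only for PUBLIC_KEY_NOT_FOUND.
// Assumption: any other failure is surfaced rather than retried.
function runWithFallback(operation, syncSigner, passkeySigner) {
  try {
    return { via: "sync", result: syncSigner(operation) };
  } catch (err) {
    if (!(err instanceof FactorError) || err.code !== "PUBLIC_KEY_NOT_FOUND") {
      throw err;
    }
    return { via: "passkey", result: passkeySigner(operation) };
  }
}

// Constructed sample state: one factor of each kind.
const enrolled = [
  { id: "pk-1", type: "passkey" },
  { id: "oidc-1", type: "oidc" },
  { id: "sync-1", type: "sync" },
];
const lostSyncKey = () => { throw new FactorError("PUBLIC_KEY_NOT_FOUND"); };
const passkey = (op) => `passkey-signed:${op}`;

console.log(checkRemoval(enrolled, enrolled[0]));
console.log(checkRemoval(enrolled, enrolled[1]));
console.log(runWithFallback("remove:oidc-1", lostSyncKey, passkey));
```

Restricting the fallback to the one named error keeps an unrelated failure of the Sync Factor path from silently switching the operation to the Passkey.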