Metadata for Multiple Trust-Frameworks #567

@ubamrein

There are situations where multiple trust-frameworks need to be supported by one issuer for the same credentials, especially for credentials that are issued in (trust-framework) border regions (e.g. Switzerland vs. EU). As such, the standard would benefit from an explicit specification of how to do this.

@c2bo suggested using `application/jose+json` for such purposes, as it is used in OpenID4VP. This fits the recently discussed and merged change to remove `signed_metadata` (cf. #520) in favour of an `Accept` header to request a specific Content-Type (or format) for the issuer metadata.

As such, we should extend

> The Credential Issuer MUST respond with HTTP Status Code 200 and return the Credential Issuer Metadata containing the parameters defined in (#credential-issuer-parameters) as either
> * an unsigned JSON document using the media type `application/json`, or
> * a signed JSON Web Token (JWT) containing the Credential Issuer Metadata in its payload using the media type `application/jwt`.

to include

> * a JWS JSON containing the Credential Issuer Metadata in its payload, offering multiple different signatures, using the media type `application/jose+json`. This serves use cases where the Issuer requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks.

(For the previous discussion on `signed_metadata`, see #528.)
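
Added example, not part of the original issue or of the OpenID4VCI specification: a sketch of the proposed `application/jose+json` response as a JWS General JSON Serialization (RFC 7515, section 7.2.1), with one ES256 signature per trust framework over the same metadata payload, and a wallet that accepts the document only through a key its own framework trusts. The `kid` values, the issuer URL and the `trustedKeys` map (a stand-in for real trust-chain resolution) are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// One constructed ES256 key pair per trust framework; the kid values are hypothetical.
const frameworks = ['ch-trust-example', 'eu-trust-example'];
const keys = new Map(frameworks.map((kid) =>
  [kid, crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' })]));

// Issuer side: sign the same metadata payload once per framework.
function signMetadata(metadata) {
  const payload = b64u(JSON.stringify(metadata));
  const signatures = frameworks.map((kid) => {
    const prot = b64u(JSON.stringify({ alg: 'ES256', kid }));
    // JWS signing input is BASE64URL(protected) || '.' || BASE64URL(payload).
    const sig = crypto.sign('sha256', Buffer.from(`${prot}.${payload}`),
      { key: keys.get(kid).privateKey, dsaEncoding: 'ieee-p1363' });
    return { protected: prot, signature: b64u(sig) };
  });
  return { payload, signatures };
}

// Wallet side: trustedKeys is a Map of kid -> public key for the wallet's own framework.
// Signatures from other frameworks are skipped, not treated as failures.
function verifyMetadata(jws, trustedKeys) {
  for (const s of jws.signatures) {
    const header = JSON.parse(Buffer.from(s.protected, 'base64url').toString());
    const key = trustedKeys.get(header.kid);
    if (!key || header.alg !== 'ES256') continue; // untrusted key or unexpected alg
    const ok = crypto.verify('sha256', Buffer.from(`${s.protected}.${jws.payload}`),
      { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s.signature, 'base64url'));
    if (ok) return JSON.parse(Buffer.from(jws.payload, 'base64url').toString());
  }
  throw new Error('no signature verifies under a trusted key');
}
```

The wallet pins the algorithm and looks the key up from its own trust store instead of taking either from the header, so an extra signature added for another framework cannot influence which key is used.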
