key attestation in HAIP

[Sakurann]

Key attestation has been added to OID4VCI.
How do we want to profile it in HAIP?
Do we want to mandate key_attestation proof type?

[Sakurann]

it looks like implementers are using both, suggest we change to the following

The wallet MUST support both the JWT proof type and attestation proof type. The Credential Issuer MUST support both.
When the JWT proof type is used, key_attestation proof type MUST be supported.

this would de facto mandate key attestation, but the issuer has a choice.

[Sakurann]

as discussed in #32, we should discuss if we want to mandate any other JWT header parameter (jwk, x5c, trust_chain, in addition to key_attestation)

[tlodderstedt]

I suggest to start by adding the key attestation methods mentioned above to HAIP. I would make both MTI for issuers and let the wallet choose.