Define VP Token Validation logic.

[Sakurann]

based on the review of PR #65.

OpenID4VP spec does not give detailed steps for VP Validation because VP/VC are credential format specific, so it is great that we now have this profile to clarify. (OpenID4VP spec can do much better at defining VP Token Validation - will take it as an action item https://bitbucket.org/openid/connect/issues/1682/define-vp-token-validation-steps-more)

PR #65 is a great start, but I think we need to agree on the order and concrete steps:

• identify number of VPs and which one contains which of the requested VC(s) using presentation_submission
• verify signatures on VP(s)
• take out VC(s) from the VP(s)
• validate the signature of the VC(s)
• check the VC(s)' status
• validate that iss of a VP matches sub in the VC (Holder Binding - missing right now)
• perform linked domain verification on VC iss DID

we can also optionally add a text checking compliance to some frameworks/verifier's policy if any.

[dtmcg]

review & PR if something is missing or close

[Sakurann]

I think this has been addressed in PR #65.