Fix VC forgery bug

[gproanomsft]

Problem: VC SDK allows the iss claim of a VC JWT to be different than the did which signed the token, allowing for forged VCs to be accepted

Solution: Enforce that iss and the did in the kid property of the header are the same

Validation: Added new unit tests

Type of change:

• [ ] Feature work
• [x] Bug fix
• [ ] Documentation
• [ ] Engineering change
• [ ] Test
• [ ] Logging/Telemetry

Risk:

• [x] High – Errors could cause MAJOR regression of many scenarios. (Example: new large features or high level infrastructure changes)
• [ ] Medium – Errors could cause regression of 1 or more scenarios. (Example: somewhat complex bug fixes, small new features)
• [ ] Small – No issues are expected. (Example: Very small bug fixes, string changes, or configuration settings changes)