Demo issuing credentials to a mobile wallet

[reinkrul]

To prove the node is compatible with OpenID4VCI, it should be able to issue credentials to a generic wallet. This requires the following:

• [ ] Support API call returning credential_offer for QR code rendering (we only have support sending the credential offer to a wallet's offer endpoint)
• [ ] Support having the OpenID4VCI endpoints publicly accessible, instead of (only?) under /n2n
• [ ] Have the node support producing did:web documents
• [ ] Have a demo-app through which the VC is issued

Actual use case/demo

Allow users to log into Demo EHR using an EmployeeCredential in their wallet. The pre-authorized code flow for issuing VCs applies to this use case, so we don't need the authorization code flow in this case. However, we currently issue the credential before offering it to the wallet. Since we don't know the mobile wallet's DID upfront (e.g. did:jwk) we can only issue it when the wallet requests the credential (since it contains proof containing the wallet's DID).

This requires additionally:

• [ ] Specifying the credential
• [ ] Have Demo EHR issue the credential (maybe after the user is logged in?)
• [ ] OpenID4VP support for logging in with the credential in Demo EHR
• [ ] Support issuing VC when wallet requests the credential, instead of pre-emptively.

[reinkrul]

We demo-ed this with Sphereon Wallet, MS Authenticator didn't work at that time (since it doesn't support OpenID4VCI). There are new POCs that do this.