Wallet should not return credentials where the signature has expired

[jogu]

Vaguely related to #159, as discussed on yesterday's WG call, we should probably clarify whether the wallet should return credentials that are expired and could no longer be validated.

For example, an SD-JWT where the current time is after the 'exp' header should not be returned to a verifier.

(For clarity, this is completely separate to the concept that an mDL that is cryptographically valid where the user's driving privileges have expired, which could still be used for identity validation purpose.)

[Kristina thought there might have already been an issue on this subject but I couldn't spot it.]

[David-Chadwick]

Minor point, it's verification not validation. Also a RP may be willing to accept (validate) an expired certificate that cannot be cryptographically verified. (In real life I have presented my old passport that had expired and had the corner cut off and it was accepted)