Availability of issuer public key in wallet

[sander]

In the current HDK draft as well as in ARKG the wallet holder needs to know the issuer public key while proving possession of the attestation-bound key.

We have three options:

• Static issuer-specific key. Brings disproportional key management issues.
• Ephemeral issuer-holder key for a batch of attestations. Potentially makes the attestations linkable. So if included as an attested attribute, it needs to be SD with a unique salt for each attestation.
• Ephemeral issuer-attestation key for a single attestation. Could be safely included as another attested, non-SD attribute.

If we’re dealing with a tree of keys anyway, we could as well choose to keep the issuer public key just stored in the wallet as local attestation metadata.

[sander]

This problem is resolved as of 06bf213 using the second option. It seems to work well.