[Satosa][Interoperability] Exposure of RP signing key of request object #296

Zicchio opened this issue Nov 5, 2024 · 1 comment

Zicchio commented Nov 5, 2024

In the "POTENTIAL: API Piloting Definition Scope OID4VP V1.0" draft document (which unfortunately I cannot link), regarding the request object JWT (i.e. JAR protocol), it is stated that

Within (11) it is explained how the client that received the JWT (in our case the wallet that received the JAR) can fetch the public key of the issuer (in our case the RP). It uses the HTTP GET method.
The RP will publish its metadata containing the jwk at the location formed by inserting the well-known string (for Potential we will use /.well-known/jar-issuer) between the host component and the path component (if any) of the iss claim value in the JAR.

If I am understanding this correctly, this implies that some module (direct trust?) should expose a /.well-known/jar-issuer endpoint that exposes the public key whose private component was used to sign the request object JWT.

Asking @peppelinux for:

  1. confirmation if what I understood is correct
  2. if we should add this requirement somewhere in some milestone (maybe 9.2?)
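The lookup described in the quoted draft, as an added example that is not part of this issue or of the project's code: the wallet reads `iss` from the (not yet verified) JAR, inserts `/.well-known/jar-issuer` between host and path, fetches the RP metadata and selects the public key named by the JOSE header's `kid`. It also shows the RP-side counterpart, stripping private JWK members before publishing, and refuses a published key set that still carries them. The metadata document shape (`{"jwks": {...}}`), the function names and the sample JWK values are assumptions; the JAR's signature segment is a placeholder because signature verification itself is left to a JOSE library.

```python
"""Wallet-side discovery of the RP's JAR signing key via /.well-known/jar-issuer.

Added example, not project code. Only the well-known suffix comes from the issue;
the metadata shape, function names and sample values are assumptions.
"""
import base64
import json
from urllib.parse import urlsplit, urlunsplit

WELL_KNOWN_PATH = "/.well-known/jar-issuer"  # suffix named in the issue text

# JWK members that carry private key material (RFC 7518 section 6); never publish them
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

# JWS alg values a key of a given (kty, crv) may legitimately verify
ALG_FOR_KEY = {("EC", "P-256"): {"ES256"}, ("EC", "P-384"): {"ES384"},
               ("OKP", "Ed25519"): {"EdDSA"}, ("RSA", None): {"RS256", "PS256"}}


def jar_issuer_metadata_url(iss: str) -> str:
    """Insert the well-known string between the host and the path of iss."""
    parts = urlsplit(iss)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"iss must be an https URL with a host: {iss!r}")
    if parts.query or parts.fragment:
        raise ValueError("iss must not carry a query or fragment")
    path = "" if parts.path == "/" else parts.path
    return urlunsplit((parts.scheme, parts.netloc, WELL_KNOWN_PATH + path, "", ""))


def publishable_jwks(jwks: dict) -> dict:
    """RP side: keep only the public members of each key before exposing the set."""
    return {"keys": [{k: v for k, v in key.items() if k not in PRIVATE_JWK_MEMBERS}
                     for key in jwks["keys"]]}


def assert_public_only(jwks: dict) -> None:
    """Refuse a key set that leaks private key material."""
    for key in jwks.get("keys", []):
        leaked = PRIVATE_JWK_MEMBERS & key.keys()
        if leaked:
            raise ValueError(f"jwk {key.get('kid')!r} exposes private members {sorted(leaked)}")


def _b64url_json(segment: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def select_jar_key(jwks: dict, header: dict) -> dict:
    """Pick the single key named by the JOSE header's kid and check it fits the alg."""
    kid, alg = header.get("kid"), header.get("alg")
    if not kid or not alg or alg == "none":
        raise ValueError("JAR header must carry kid and a real alg")
    candidates = [k for k in jwks["keys"] if k.get("kid") == kid]
    if len(candidates) != 1:
        raise ValueError(f"expected exactly one key with kid {kid!r}, found {len(candidates)}")
    key = candidates[0]
    allowed = ALG_FOR_KEY.get((key.get("kty"), key.get("crv")), set())
    if alg not in allowed or key.get("use", "sig") != "sig":
        raise ValueError(f"key {kid!r} cannot verify alg {alg!r}")
    return key


def resolve_jar_signing_key(jar: str, fetch_json) -> dict:
    """Wallet side: derive the metadata URL from iss, fetch it and return the
    public JWK to verify the JAR with. fetch_json(url) -> dict is injected so
    the example runs offline; in practice it is an HTTP GET."""
    header_b64, payload_b64, _signature = jar.split(".")
    header, payload = _b64url_json(header_b64), _b64url_json(payload_b64)
    metadata = fetch_json(jar_issuer_metadata_url(payload["iss"]))
    jwks = metadata["jwks"]
    assert_public_only(jwks)
    key = select_jar_key(jwks, header)
    # Signature verification with a JOSE library would follow here; this
    # example stops at key discovery.
    return key


# Constructed sample data: an RP key (fake coordinates, fake private scalar) and a
# JAR whose signature segment is a placeholder.
RP_PRIVATE_JWKS = {"keys": [{"kty": "EC", "crv": "P-256", "kid": "rp-key-1", "use": "sig",
                             "x": "constructed-x", "y": "constructed-y",
                             "d": "constructed-private-d"}]}
RP_METADATA = {"iss": "https://rp.example.org", "jwks": publishable_jwks(RP_PRIVATE_JWKS)}
SAMPLE_JAR = ".".join([
    _b64url({"alg": "ES256", "kid": "rp-key-1", "typ": "oauth-authz-req+jwt"}),
    _b64url({"iss": "https://rp.example.org", "client_id": "https://rp.example.org",
             "response_type": "vp_token", "nonce": "constructed-nonce"}),
    "placeholder-signature",
])


def offline_fetch(url: str) -> dict:
    """Stand-in for HTTP GET that serves the constructed RP metadata."""
    if url != "https://rp.example.org/.well-known/jar-issuer":
        raise LookupError(f"no metadata published at {url}")
    return RP_METADATA


if __name__ == "__main__":
    print(resolve_jar_signing_key(SAMPLE_JAR, offline_fetch))
```

The `assert_public_only` check matters on both sides: the RP should run it against what it is about to publish, and a wallet that finds a `d` member in a fetched key set has good reason to stop trusting that RP's keys.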
@peppelinux (Member) commented
For this issue we should create a specialized trust handler, called DirectTrustJar, that would inherit from DirectTrustSdJwtVC and overload the metadata fetch.

Projects
Status: Todo
Development

No branches or pull requests

2 participants