add key attestations

[paulbastian]

Closes #355 Closes #368

• [x] link to the point in the spec where this is being used
• [x] add metadata
• [x] discuss if we need cnf claim
• [ ] discuss whether OpenID4VCI wants to specify how to use DPoP with key attestation
• [x] update Security Consideration section for key attestation
• [x] discuss whether expiration of key attestation and expiration of key is the same or different
• [x] add text about Level of assurance and attack potential resistance
• [x] explain difference between two usages
• [x] new proof type that contains mandatory keyattestation with nonce
• [ ] https://github.com/openid/OpenID4VCI/pull/389/files#r1797063233
• [ ] tuning key_type and user_authentication values