OpenID4VP

Retrieving all client metadata from client_metadata parameter seems too restrictive

Open • jogu opened this issue 2 months ago • 0 comments

We have this text under several of the client id schemes, e.g. x509_hash:

"All Verifier metadata other than the public key MUST be obtained from the client_metadata parameter."

I'm not 100% sure what we intended here, to be honest (given we define a very limited set of things to be valid inside the client_metadata parameter), but I think we need to tweak this to be clear that it's okay to get a client name from the x509 certificate, and HAIP explicitly suggests other things like (e.g.) valid response_uri values could come from the x509 certificate.

jogu, Oct 03 '25 09:10