feat: embedded STS

[wolf4ood]

What this PR changes/adds

Implements STS (Secure Token Service) embedded

TheEmbeddesSecureTokenService creates the Self-Issued ID token from the input claims by using a TokenGenerationService. If the param bearerAccessScope is provide it will also automatically attach the access_token claim which is another Jwt token containing the provided scopes (Credential Service Access).

The Self-Issued ID format is compliant with the spec here.

For the access_token the format is still a JWT similar to the Self-Issued ID one but the:

• scope claim that contains the bearerAccessScope for the Credential Service access.
• iss claim is the same as the Self-Issued
• aud is the iss of the Self-Issued token
• sub is the aud of the Self-Issued token

The the same private key it's used for signing the Self-Issued ID token and the Access token.

Why it does that

IATP adoption

Further notes

The ConsumerPullKeyPairFactory as been refactored by extracting the KeyPairFactory spi and moving KeyPairFactoryImpl into connector-core, so it can be reused by the iatp and TransferDataPlaneCoreExtension.

Linked Issue(s)

Closes #3500

[codecov-commenter]

Codecov Report

Attention: 45 lines in your changes are missing coverage. Please review.

Comparison is base (5759cc8) 72.21% compared to head (fcb541a) 72.31%.
Report is 2 commits behind head on main.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3529      +/-   ##
==========================================
+ Coverage   72.21%   72.31%   +0.10%     
==========================================
  Files         853      864      +11     
  Lines       17162    17355     +193     
  Branches      965      987      +22     
==========================================
+ Hits        12394    12551     +157     
- Misses       4359     4393      +34     
- Partials      409      411       +2     

Files	Coverage Δ
...ipse/edc/connector/core/CoreServicesExtension.java	94.59% <100.00%> (+0.15%)	⬆️
...identitytrust/validation/rules/HasValidIssuer.java	100.00% <100.00%> (ø)
...titytrust/validation/rules/HasValidSubjectIds.java	100.00% <100.00%> (ø)
.../iam/identitytrust/validation/rules/IsRevoked.java	100.00% <100.00%> (ø)
...trust/sts/embedded/EmbeddedSecureTokenService.java	100.00% <100.00%> (ø)
...tytrust/sts/embedded/SelfIssuedTokenDecorator.java	100.00% <100.00%> (ø)
...o/JsonObjectToVerifiableCredentialTransformer.java	90.00% <100.00%> (ø)
...sfer/dataplane/TransferDataPlaneCoreExtension.java	81.81% <ø> (+7.90%)	⬆️
.../edc/identitytrust/model/VerifiableCredential.java	50.00% <ø> (ø)
...dc/identitytrust/model/VerifiablePresentation.java	58.62% <100.00%> (ø)
... and 12 more

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[paullatzelsperger]

LGTM, mostly minor nits

[jimmarino]

Two small changes in the comments.