Closed
Description
There was an issue raised regarding traceability concerns in batch issuance: all tokens are generated with the same timestamp, making them traceable. If the issuer generates a new timestamp for each attestation during batch issuance, the issuance of 10/30/50 attestations often falls within the same second or, at most, spans two seconds.
The suggestion would be to add a privacy considerations section like the following (it is also in the SD-JWT RFC):
"claims carrying time information, like iat, exp, and nbf, MUST either be randomized within a time period considered appropriate (e.g., randomize iat within the last 24 hours and calculate exp accordingly) or rounded (e.g., rounded down to the beginning of the day)."