Add text requiring wallet to check expected_origins #542
Description
As per draft Stuttgart security analysis:
Expected Origins Parameter [OID4VP, Appendix A.2] introduces a new authentication request
parameter, expected_origins for signed requests over the DC API. However, the specification
does not explicitly require the wallet to verify that the origin asserted by the DC API is included in
this set.