support for CWT status list #45
Description
- Add method to create a CWT status list
- add method to verify a cwt status list (i think we only need to support x509 signed one, and we can depend on the existing mdoc context, or extend it if needed).
- add method to fetch a cwt status list. Should use native fetch, and should include appropriate headers, size limits, and ensure https is used, as well as use an abort signal for (configurable) timeout.
- allow providing a status list entry when creating an mdoc, so it can be added to the MSO.
- allow setting verify status list when verifying an mdoc. value can be either true/false. Also allow providing an optional status list fetcher to fetch the status list. (I think most implementations would want to override it to support caching etc.).
The status list implementation should be based on https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-10.html
The mdoc integration of the status list is defined in draft of second revision of 18013-5 (which is available in our drive)
I think the status list methods can be added to a new StatusList class with static methods, like we do for issuer, verifier, etc..