Credential selection when multiple credential from wallet match

[reinkrul]

We see use cases where a wallet contains multiple credentials of the same type:

• PatientEnrollmentCredential in LSP/AORTA-GtK exchanges. For each patient, there will be 1 credential in the wallet.
• HealthcareProviderTypeCredential in Mitz-related and Huisartsinzage exchanges. When a care organization is classified as multiple types (e.g. pharmacy and hospital), multiple credentials will exist in the wallet.

When these credentials need to be presented, the Nuts node needs some information from the EHR on which one to select. This issue will collect approaches to solve this.

Can also be seen as sub-issue of #3993

Option A: Access Token Request match options

{
  "scope": "...",
  "credential_match": {
    "PatientEnrollmentCredential": {
      "credentialSubject.patient_id": "123456789"
    }
  }
}

Or even better, use DCQL: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-digital-credentials-query-l DCQL doesn't allow you to specify expected values.

Maybe we should follow go-leia's query semantics?