Update Accept header to application/vc+ld+json

[rhofvendahl]

This PR updates references to Accept header in "Create Credentials" requests to use either application/vc+ld+json or application/vc+ld+json+sd-jwt, as discussed in issue #574.

EDIT: using application/sd-jwt rather than application/vc+ld+json+sd-jwt, as discussed in 11/7/23 trace call.

[TallTed]

As we discussed on the call --

application/vc+ld+json+sd-jwt should not exist.

An application/sd-jwt is akin to an application/zip, and should not externally expose the media type of the document(s) it contains in its own media type; those should be revealed/discovered when that/those document(s) are extracted or sniffed.

In this scenario, an application/vc+ld+json document would be the result of extracting/sniffing from an application/sd-jwt document, and would be what is expected during such a transaction. Contents of other media types should lead to errors.

In sum: Accept headers in "Create Credentials" requests should be either application/vc+ld+json or application/sd-jwt (the latter of which will always package an application/vc+ld+json, in this context).

[rhofvendahl]

I'll be splitting out the data integrity proof updates, with sd-jwt work pending resolution in the jose-cose working group

[OR13]

I would remove this part

[rhofvendahl]

Could you say more? In this case the Accept header is on a Verify request, so just represents a preference that the verification response be in json format, right?

[mkhraisha]

@rhofvendahl is there anything outstanding for this PR?

[rhofvendahl]

@mkhraisha Once Orie's suggestion is resolved this should be ready to merge.

There are still some references to application/sd-jwt which may need to change if the jose-cose working group decides to go with something else, but there needs to be some value in those cases so I think it should work for now.

[OR13]

Related PR: w3c/vc-jose-cose#186

^ in case this PR is not merged, the current PR will continue to be correct.