fix(federatedfilesharing): sign token-exchange request with RFC 9421

The outbound POST to the remote /api/v1/access-token endpoint was
signed using bare OCMSignatoryManager, which falls through to the
draft-cavage path because no rfc9421.format option is set. Wrap the
manager in Rfc9421SignatoryManager so the exchange request is signed
with the Ed25519 key and RFC 9421 signature base, matching what
OCMDiscoveryService::prepareOcmPayload already does for OCM endpoints
when the remote advertises the http-sig capability.

Receiving TokenController auto-detects RFC 9421 vs draft-cavage via
the Signature-Input header, so no inbound change is needed.

Signed-off-by: Micke Nordin <kano@sunet.se>

Author: mickenordin

apps/federatedfilesharing/lib/OCM/CloudFederationProviderFiles.php

@@ -9,6 +9,7 @@
 use OC\AppFramework\Http;
 use OC\Files\Filesystem;
 use OC\OCM\OCMSignatoryManager;
+use OC\OCM\Rfc9421SignatoryManager;
 use OCA\FederatedFileSharing\AddressHandler;
 use OCA\FederatedFileSharing\FederatedShareProvider;
 use OCA\Federation\TrustedServers;
@@ -759,7 +760,7 @@ private function exchangeToken(string $remote, #[SensitiveParameter] string $sha
 
 			try {
 				$options = $this->signatureManager->signOutgoingRequestIClientPayload(
-					$this->signatoryManager,
+					new Rfc9421SignatoryManager($this->signatoryManager),
 					$options,
 					'post',
 					$tokenEndpoint