Define credential metadata updates and versioning

[fkj]

This is somewhat related to #278, but just for metadata.
It's exactly clear when a wallet should update the metadata for a credential. Right now, the "safe" way seems to be just fetching metadata once, but there is interest in adding the ability to update metadata without having to reissue a credential.
It's not clear whether a wallet can refetch and update Credential Issuer Metadata, then update existing credential instances listed in it with the new metadata.

After discussing at IIW, we came to the following conclusions and questions:

• It would make sense to version Credential Issuer Metadata.
• It would make sense to version Credential Instance specific metadata (see Metadata in credential response #721).
• When should a wallet update metadata?
  • NOT on presentation since this would show issuers when the credential is used
  • By polling sometimes
  • When notified via Notification Endpoint (which could be extended to support "metadata update" notifications)
• How do we ensure that credential issuer metadata and credential instance specific metadata stays in sync. Both can update independently, but sometimes you might need to update them in a coordinated way for the update to make sense
  • It would make sense for Credential Instance specific metadata to be "based on" a specific version of Credential Issuer Metadata so overrides can be deterministically controlled
  • It might make sense to require that wallets MUST fetch updated Credential Issuer Metadata when Credential or Credential Instance specific metadata is updated.
• We should probably have a cache mechanism with expiry to allow issuers to control how often wallets check for new metadata