Adopt JWS format for exposing public keys

[glpatcern]

A suggestion brought forward by @thibmeu at yesterday's call is to adopt the JOSE framework and in particular (as I understand it) the JWS format from RFC 7515 to expose the public key(s) to be used to validate httpsig-signed messages.

Indeed, I see the typical practice is to expose a https://ocm-server.org/.well-known/jwks.json file that would have a format such as:

{
  "keys": [
    {
      "kty": "<key type, e.g. RSA>",
      "use": "sig",
      "kid": "key-identifier-2025-12",
      "alg": "RS256",
      "n": "...",
      "e": "...",
    }
  ]
}

(or similar for an EC key)

For OCM, this would mean:

• Entirely dropping the pubkey/pubkeys fields in the OCM discovery endpoint.
• Stating that the capability http-sig and corresponding request-http-signature criteria entail exposing/discovering the signing key from the above endpoint.
  We could also consider to introduce a must-use-http-sig requirement, rather than having the criteria.

@mickenordin you've most recently implemented signatures in your "toy" system, what do you think?

[mickenordin]

Yes, I think this is great. It should work perfectly. The only thing is that we should make sure to check that the two rfc:s are aligned. I.e. we should limit the algorithms available to those specified by the iana registry for http-sig, if JOSE e.g. doesn't allow one of those algorithms, or mandates one that cant be used for http-sig, then we have a problem.