Add format-specific credential metadata contribution for OID4VC

Introduce a CredentialBuilder hook that allows credential formats to
contribute format-specific metadata to the OID4VC issuer well-known
configuration. The issuer delegates metadata shaping to the
corresponding CredentialBuilder implementation.

Refactor metadata contribution to work directly with
SupportedCredentialConfiguration and CredentialScopeModel, improving
type-safety and avoiding unnecessary serialization.

Add integration tests to verify that SD-JWT credentials expose `vct`
without `credential_definition`, and JWT_VC credentials expose
`credential_definition` without `vct`.

Closes keycloak#45485

Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>

Author: namanONcode

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCIssuerWellKnownProviderTest.java

@@ -880,87 +880,6 @@ public void testOldOidcDiscoveryCompliantWellKnownUrlWithDeprecationHeaders() {
         }
     }
 
-    /**
-     * Tests that SD-JWT credential metadata contains 'vct' and does NOT contain 'credential_definition'.
-     * This is an end-to-end test using HTTP requests to the well-known endpoint.
-     */
-    @Test
-    public void testSdJwtMetadataContainsVctAndNotCredentialDefinition() {
-        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
-            String wellKnownUri = getRealmMetadataPath(TEST_REALM_NAME);
-
-            // Configure realm for unsigned metadata
-            testingClient.server(TEST_REALM_NAME).run(session -> {
-                RealmModel realm = session.getContext().getRealm();
-                realm.setAttribute(OID4VCIssuerWellKnownProvider.SIGNED_METADATA_ENABLED_ATTR, "false");
-            });
-
-            HttpGet getJsonMetadata = new HttpGet(wellKnownUri);
-            getJsonMetadata.addHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON);
-            try (CloseableHttpResponse response = httpClient.execute(getJsonMetadata)) {
-                assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
-                String json = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
-                CredentialIssuer issuer = JsonSerialization.readValue(json, CredentialIssuer.class);
-                assertNotNull("Response should be a CredentialIssuer object", issuer);
-
-                Map<String, SupportedCredentialConfiguration> credentialsSupported = issuer.getCredentialsSupported();
-                assertNotNull("Credentials supported should not be null", credentialsSupported);
-
-                // Find an SD-JWT credential configuration
-                SupportedCredentialConfiguration sdJwtConfig = credentialsSupported.values().stream()
-                        .filter(config -> Format.SD_JWT_VC.equals(config.getFormat()))
-                        .findFirst()
-                        .orElse(null);
-
-                assertNotNull("SD-JWT credential configuration should be present", sdJwtConfig);
-                assertNotNull("SD-JWT metadata must contain 'vct'", sdJwtConfig.getVct());
-                assertNull("SD-JWT metadata must not contain 'credential_definition'", sdJwtConfig.getCredentialDefinition());
-            }
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to process metadata response: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * Tests that JWT_VC credential metadata contains 'credential_definition' and does NOT contain 'vct'.
-     * This is an end-to-end test using HTTP requests to the well-known endpoint.
-     */
-    @Test
-    public void testJwtVcMetadataContainsCredentialDefinitionAndNotVct() {
-        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
-            String wellKnownUri = getRealmMetadataPath(TEST_REALM_NAME);
-
-            // Configure realm for unsigned metadata
-            testingClient.server(TEST_REALM_NAME).run(session -> {
-                RealmModel realm = session.getContext().getRealm();
-                realm.setAttribute(OID4VCIssuerWellKnownProvider.SIGNED_METADATA_ENABLED_ATTR, "false");
-            });
-
-            HttpGet getJsonMetadata = new HttpGet(wellKnownUri);
-            getJsonMetadata.addHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON);
-            try (CloseableHttpResponse response = httpClient.execute(getJsonMetadata)) {
-                assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
-                String json = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
-                CredentialIssuer issuer = JsonSerialization.readValue(json, CredentialIssuer.class);
-                assertNotNull("Response should be a CredentialIssuer object", issuer);
-
-                Map<String, SupportedCredentialConfiguration> credentialsSupported = issuer.getCredentialsSupported();
-                assertNotNull("Credentials supported should not be null", credentialsSupported);
-
-                // Find a JWT_VC credential configuration
-                SupportedCredentialConfiguration jwtVcConfig = credentialsSupported.values().stream()
-                        .filter(config -> Format.JWT_VC.equals(config.getFormat()))
-                        .findFirst()
-                        .orElse(null);
-
-                assertNotNull("JWT_VC credential configuration should be present", jwtVcConfig);
-                assertNotNull("JWT_VC metadata must contain 'credential_definition'", jwtVcConfig.getCredentialDefinition());
-                assertNull("JWT_VC metadata must not contain 'vct'", jwtVcConfig.getVct());
-            }
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to process metadata response: " + e.getMessage(), e);
-        }
-    }
 
     private void testBatchSizeValidation(KeycloakTestingClient testingClient, String batchSize, boolean shouldBePresent, Integer expectedValue) {
         testingClient