fix/oid-vc: Add DSP enable flag and fix OpenID Connect VC support #459

Open
Mortega5 wants to merge 3 commits into FIWARE-TMForum:master from Mortega5:fix/oid-vc

@Mortega5

Contributor

Summary

This MR includes two improvements to the OpenID Connect authentication flow with Verifiable Credentials (VC) support:

  1. Add DSP enable flag (BAE_LP_DSP_ENABLED)

Introduces a new config.dspEnabled boolean (default false) controlled by the BAE_LP_DSP_ENABLED environment variable. The flag is also exposed via the /config endpoint so the frontend can consume it.

  2. Fix OpenID Connect profile building with VC
  • Fixes VerifiableCredential parsing to handle JWTs whose payload contains a credentialSubject directly (previously only verifiableCredential and vc wrappers were handled).
  • Moves OIDC strategy to use tokenSet.claims() instead of userinfo for profile extraction, enabling VC data embedded in the ID token to be picked up correctly.
  • Adds a custom userProfile function that verifies the access token signature using the issuer's JWKS and extracts the profile from its payload.
  • Adds optional nonce support in the OIDC flow via the BAE_LP_OAUTH2_NONCE environment variable (default false).

Environment variables added

| Variable | Default | Description |
|---|---|---|
| BAE_LP_DSP_ENABLED | false | Enables DSP features in the frontend |
| BAE_LP_OAUTH2_NONCE | false | Enables nonce generation in the OIDC authorization request |
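
The verify-then-extract order described in the summary above, as an added example that is not code from this pull request: it checks an ES256 JWT against a JWKS and only then reads `credentialSubject` from any of the three payload shapes. The key pair, the `demo-key` kid and every function name here are constructed for the illustration.

```javascript
// Added illustration; helper names are hypothetical, not taken from the PR.
const crypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed issuer key and JWKS so the example runs offline.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key', alg: 'ES256' }] };

// Sign a constructed ES256 token (JWS uses raw r||s signatures, hence ieee-p1363).
function signDemoToken(payload, key = privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'ES256', kid: 'demo-key' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Verify the signature against the JWKS before reading any claim.
function verifyWithJwks(token, keySet) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const header = fromB64u(parts[0]);
  // Pin the algorithm: the token header must not be allowed to choose it.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const jwk = keySet.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  return fromB64u(parts[1]);
}

// Accept the three payload shapes named in the PR description.
function credentialSubject(payload) {
  const vc = payload.verifiableCredential || payload.vc || payload;
  if (!vc.credentialSubject) throw new Error('no credentialSubject in token');
  return vc.credentialSubject;
}

// Profile data is taken only from a payload whose signature verified.
function profileFromToken(token, keySet = jwks) {
  return credentialSubject(verifyWithJwks(token, keySet));
}
```
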
