Implement automatic STS account provisioning

[paullatzelsperger]

Feature Request

An extension will be implemented that automatically creates an STS "account" (StsClient), when the SecureTokenService (STS) is embedded in the IdentityHub runtime.

Several use cases exist for this:

• ParticipantContextCreated: create the StsClient object with the default key pair, generate a random client secret
• KeyPairRevoked: set the vault aliases for the private and public key to null
• KeyPairRotated: set the vault aliases for the private and public key to null
• DidDocumentPublished: obtain the default keypair and set it's privateKeyAlias and its key-id (from the did document). This feature can be disabled with a configuration value.

Note that when keys are revoked or rotated, and a new key is attached to the request, that will result in a KeyPairAdded event

Which Areas Would Be Affected?

add new extension to IH

Why Is the Feature Desired?

convenience

Solution Proposal

The extension should be so fault tolerant to only execute the aforementioned event handlers, if the STS modules are in fact present and an StsClientStore can be resolved.
In other words, adding this new extension to an IdentityHub that does not contain STS modules should not raise an error, but log an error. This simplifies the creation of an IdentityHub BOM.