Support multi-step interactive authorization

[TimoGlastra]

The current IAE flow is missing two parts described in the OID4VCI spec:

• It is possible for interactive authorization to require multiple steps (e.g. first redirect_to_web, then openid4vc_presentation)
• It is possible for the redirect_to_web to result in an auth_session that should be used to continue the process (we currently assume it will include an auth code)

See https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-1_1-wg-draft.html#name-redirect-to-web

Should also take into account:

• Stuttgart 8: how does wallet determine which session if there are multiple? openid/OpenID4VCI#702 (comment)
• IAE redirect_to_web clarification, multiple use of PKCE_verifier ok? openid/OpenID4VCI#703
• Multiple interactive authorization types allowed for one flow / allow fallback? openid/OpenID4VCI#696