feat: add wallet_attestation mechanism type to identity linking registry

[douglasborthwick-crypto]

Overview

This PR adds wallet_attestation as a new mechanism type in the Identity
Linking Mechanism Registry introduced by #265. @amithanda invited this
follow-up in #265 (comment).

Wallet attestation enables commerce flows where the user's blockchain wallet
address serves as the identity — no redirect, no token exchange, no account
creation. A third-party verification provider evaluates on-chain state and
returns a cryptographically signed attestation that the business verifies
offline via JWKS.

---

What Changed

Mechanism Registry (identity_linking.json)

• Added $defs/wallet_attestation — follows the same pattern as $defs/oauth2:
  type (const), provider_jwks (required, URI), attestation_endpoint
  (optional, URI), additionalProperties: true.
• Updated base mechanism description to list wallet_attestation as a known
  type alongside oauth2.

Specification (identity-linking.md)

• Added ### Wallet Attestation ("type": "wallet_attestation") under
  Supported Mechanisms, at the same level as the existing OAuth 2.0 section.
• Sections: JWKS Resolution, Attestation Flow, For Platforms (requirements),
  For Businesses (requirements), Scope Considerations.
• Added end-to-end workflow example: token-gated commerce scenario showing
  mechanism selection, attestation request/response, checkout attachment, and
  offline signature verification.

Scope derivation

The wallet attestation mechanism does not use OAuth 2.0 scopes. The existing
pruning algorithm (Step 3 in overview.md) already handles this — capabilities
without identity_scopes contribute zero scopes to the authorization set.

---

Relationship to #264

This PR and #264 (attestation extension for eligibility) are complementary but
independent:

• This PR adds a mechanism type to identity_linking — how a business
  establishes identity via wallet attestation.
• feat: attestation extension for eligibility claims #264 adds an extension to shopping capabilities — where attestation
  data appears in cart/checkout wire format.

Neither PR depends on the other. When both are present, the mechanism provides
the signed attestation and the extension provides the wire format for attaching
it.

---

Files Changed

File	Change
source/schemas/common/identity_linking.json	Added $defs/wallet_attestation, updated mechanism description
docs/specification/identity-linking.md	Added wallet attestation mechanism section + E2E example
.cspell/custom-words.txt	Added ATST, attestedAt, expiresAt

Type of change

• New feature (non-breaking change which adds functionality)
• Documentation update

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[douglasborthwick-crypto]

@googlebot I signed it!