mdoc: tolerate legacy MSO payload and ValidityInfo date encodings

[dmascord]

Summary

Adds controlled tolerance for two non-compliant but real-world MSO encoding patterns, guarded by MdocCompatibilityOptions (defaults to strict).

1. MSO payload wrapping tolerance (MsoPayloadDecoder)

Some issuers emit the MSO payload as a raw CBOR map rather than the spec-required encoded-CBOR byte string (tag 24 wrapped). A new MsoPayloadDecoder utility accepts both forms and is used consistently across MdocCredential, MobileSecurityObjectParser, DeviceResponseParser, and MdocDocument.

2. ValidityInfo timestamp tolerance (allowLegacyMsoValidityTimestamps = false by default)

Some issuers emit ValidityInfo timestamps as plain tstr values without the required CBOR tag 0 (tdate). When MdocCompatibilityOptions.allowLegacyMsoValidityTimestamps is explicitly set to true, the parser accepts and logs these with a warning.

// Default — strict, spec-compliant only:
MdocCompatibilityOptions()  // allowLegacyMsoValidityTimestamps = false

// Opt-in for known non-compliant issuer:
MdocCompatibilityOptions(allowLegacyMsoValidityTimestamps = true)

The leniency is currently needed for interop with a specific deployment where the SITA issuer emits untagged timestamps for compatibility with the NEC verifier at Hong Kong International Airport (HKG). The flag is expected to be removed after 2026-07-01 once the NEC verifier is updated to accept canonical tdate-tagged timestamps per ISO/IEC 18013-5 §9.1.2.

Validation

./gradlew :multipaz:jvmTest \
  --tests org.multipaz.mdoc.mso.MobileSecurityObjectParserTest \
  --tests org.multipaz.mdoc.mso.MobileSecurityObjectTest \
  --tests org.multipaz.mdoc.response.DeviceResponseParserTest

Related

Extracted from #1564 per reviewer request to split into per-commit PRs.