feat: implement the public metadata issuance protocol #56

Open: karx1 wants to merge 13 commits into raphaelrobert:main from karx1:public-metadata

karx1 commented Jun 16, 2026

This PR implements the issuance protocol for Publicly Verifiable tokens with Public Metadata (token type 0xDA7A).

This is a revival of #25, rebased onto the current main branch and updated to support draft-ietf-privacypass-public-metadata-issuance-03. This PR also addresses the feedback from that PR.

This PR also pins voprf to version 0.6.0-pre.0, as cargo automatically updating to 0.6.0-pre.1 was causing compilation errors on a clean build with no Cargo.lock.

Finally, the functions verify_token and parse_authorization_str/parse_authorization_str_ext are some QoL additions that helped during development, but I'm happy to remove those if needed.

thibmeu left a comment

Two main comments:

  1. There should be a cross-implementation test with TypeScript/Go. TypeScript provides a JSON that has been generated by the Go implementation, which might be the simplest to consume.
  2. I'm not sure the interface is the right one. I feel that there are ways to extend methods solely based on the type without introducing a TokenProtocol structure.

Comment thread src/lib.rs Outdated
Comment thread src/auth/authorize.rs Outdated
Comment thread src/auth/authorize.rs Outdated
Comment thread src/auth/authorize.rs Outdated
Comment thread src/auth/authorize.rs
Comment thread src/public_tokens/request.rs Outdated
Comment thread src/public_tokens/request.rs Outdated
Comment thread src/public_tokens/response.rs Outdated
Comment thread tests/public_tokens.rs
Comment thread tests/public_tokens.rs Outdated

karx1 commented Jun 18, 2026

I've addressed most of the review comments, and now I'm looking to see how to best address the compatibility requirements between the older and newer versions of draft-ietf-privacypass-auth-scheme-extensions, and will report back.

Comment thread src/common/extensions.rs Outdated
Comment thread src/public_tokens/request.rs
Comment thread src/generic_tokens/request.rs Outdated
Comment thread src/public_tokens/server.rs
karx1 commented Jun 25, 2026

I've decided to drop the backwards compatibility handling and conform strictly to draft-ietf-privacypass-auth-scheme-extensions-03. I'll remove those changes now, but I'm happy to revisit putting it behind a cargo feature if you'd prefer to keep that behavior available.

karx1 commented Jun 25, 2026

Also, RFC 9577 §2.2.2 says the token field might be a quoted-string, so I'm implementing changes accordingly.
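
The quoted-string case raised in the comment above, as an added example that is not part of this PR or the crate's code: a std-only Rust parser that accepts the `token` auth-param in both bare and quoted-string form and rejects anything that is not padded base64url. The names `token_param`, `unquote` and `is_padded_base64url` and the sample header are assumptions made for the illustration.

```rust
// Added example: hypothetical std-only helper, not the privacypass crate's API.
// Returns the base64url text of the `token` auth-param, bare or quoted.
pub fn token_param(header: &str) -> Option<String> {
    let (scheme, mut rest) = header.trim().split_once(char::is_whitespace)?;
    if !scheme.eq_ignore_ascii_case("PrivateToken") { return None; }
    let mut found: Option<String> = None;
    loop {
        rest = rest.trim_start_matches(|c: char| c == ',' || c.is_ascii_whitespace());
        if rest.is_empty() { break; }
        let (name, after) = rest.split_once('=')?;
        let after = after.trim_start();
        let (value, tail) = if let Some(q) = after.strip_prefix('"') {
            unquote(q)? // quoted-string form
        } else {
            let end = after.find(',').unwrap_or(after.len()); // bare token form
            (after[..end].trim_end().to_string(), &after[end..])
        };
        if name.trim().eq_ignore_ascii_case("token") {
            if found.is_some() { return None; } // duplicate parameter is ambiguous
            found = Some(value);
        }
        rest = tail;
    }
    found.filter(|v| is_padded_base64url(v))
}

// Consumes up to the closing quote, resolving backslash escapes.
fn unquote(s: &str) -> Option<(String, &str)> {
    let mut out = String::new();
    let mut chars = s.char_indices();
    while let Some((i, c)) = chars.next() {
        match c {
            '"' => return Some((out, &s[i + 1..])),
            '\\' => out.push(chars.next()?.1),
            _ => out.push(c),
        }
    }
    None // unterminated quoted-string
}

fn is_padded_base64url(v: &str) -> bool {
    let body = v.trim_end_matches('=');
    let ok = |b: u8| b.is_ascii_alphanumeric() || b == b'-' || b == b'_';
    !body.is_empty() && v.len() % 4 == 0 && v.len() - body.len() <= 2 && body.bytes().all(ok)
}

fn main() {
    // Constructed sample header, not taken from the PR.
    println!("{:?}", token_param("PrivateToken token=\"AAEC_-8=\""));
}
```

Both spellings yield the same string, so the base64url decoding and token verification that follow do not need to know which form the client sent.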
