fix(vcr/verifier): handle unparseable issuer DID instead of nil deref

[SAY-5]

Closes #4235

Verify discarded the error from did.ParseDID(credentialToVerify.Issuer.String()) and then dereferenced the resulting (possibly nil) *did.DID at v.didResolver.Resolve(*issuerDID, &metadata), panicking the node when an external issuer emitted a non-RFC3986 did:x509.

Surface the parse error as a regular validation failure ("could not validate issuer: ...") so the request fails cleanly with a 4xx instead of crashing the verifier goroutine.

Added a regression test under TestVerifier_Verify/with_signature_check that wraps the call in require.NotPanics and asserts the error is surfaced. The test panics on master and passes with this change.

[qltysh]

Coverage Impact

⬇️ Merging this pull request will decrease total coverage on master by 0.09%.

Modified Files with Diff Coverage (1)

Rating	File	% Diff	Uncovered Line #s
	vcr/verifier/verifier.go	100.0%
	Total	100.0%

🚦 See full report on Qlty Cloud »

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.

[reinkrul]

@SAY-5 this repository requires signed commits, I can't merge otherwise

[reinkrul]

Suggested change

	return fmt.Errorf("could not validate issuer: %w", err)
	return fmt.Errorf("could not parse issuer: %w", err)

[reinkrul]

Suggested change

	assert.Contains(t, validationErr.Error(), "could not validate issuer")
	assert.Contains(t, validationErr.Error(), "could not parse issuer")

[SAY-5]

Thanks for the heads up. I'll re-sign the commits with a verified GPG key and force-push the updated branch shortly.

[SAY-5]

Applied both suggestions in c22d536: the parse-error path now reads could not parse issuer and the test asserts on that message. go test ./vcr/verifier/... is green. The commit is SSH-signed but the signing key on this account is not yet registered as a verified signing key on github.com, so GitHub still shows it as unverified. Will get the SSH signing public key added under Settings -> SSH and GPG keys -> Signing key shortly so the verification badge flips on.

[SAY-5]

Applied both suggestions, the parse-path error now says 'could not parse issuer' and the assertion was updated to match. Pushed 2ce91f9.

[reinkrul]

@SAY-5 your commits still appear unsigned/unverified, can't merge before that's fixed.

We also need to rework our GH actions workflow to allow go test to run properly on forks (which now fails and blocks merging), so I'll be addressing that.