pin Presentation Credential
Pins the credential that would be consumed next — valid at the current time, with the lowest usage count — so the same credential can both render and sign a presentation for the lifetime of a session.
This matters for OneTimeUse pack documents, where every credential has its own key and its own issuer SD-JWT (the cnf is bound to that key). Reading the body from one credential while signConsumingCredential rotates to another would break key-binding verification. Pinning keeps PresentationCredential.sdJwt and PresentationCredential.sign referring to the same credential.
Returns null if the document has no currently-valid credential.