Build a standardised manifest file per the QualityLink Discovery & Data Exchange specifications
Encrypt HTTP header values with the aggregator's RSA public key so secrets are not stored in plain text in the manifest.
The encrypted value will be Base64-encoded and placed in the auth.value field.
Public key will be fetched from {root}/api/v1/public-key/pem.
The API must allow cross-origin requests (CORS) from this page's origin.