How can we ensure that a request to the endpoint “/integrator-authentication/.well-known/openid-configuration/jwks” is answered only by the MobilePay server?

You can validate the TLS connection, specific to api.mobilepay.dk, and optionally validate the certificate chain from the x5t to the Danske Bank root.
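
One way to apply the TLS part of this answer on the client side, as an added example using only the Python standard library (it is not MobilePay's own code). The function names are hypothetical. The `x5t` check assumes the returned key also carries an `x5c` entry, and validating the chain up to the root is not shown.

```python
import base64
import hashlib
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Host and path as given on this page.
JWKS_HOST = "api.mobilepay.dk"
JWKS_PATH = "/integrator-authentication/.well-known/openid-configuration/jwks"


def check_jwks_url(url):
    """Accept only the exact HTTPS endpoint; reject look-alike URLs."""
    u = urlsplit(url)
    if u.scheme != "https" or u.hostname != JWKS_HOST:
        raise ValueError("unexpected scheme or host")
    if u.username or u.password or u.port not in (None, 443):
        raise ValueError("unexpected userinfo or port")
    if u.path != JWKS_PATH or u.query or u.fragment:
        raise ValueError("unexpected path")
    return url


def strict_tls_context():
    """System trust store, hostname check on, nothing older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """A redirect could move the fetch to another host, so refuse it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise ValueError("redirect refused: " + newurl)


def fetch_jwks(url="https://" + JWKS_HOST + JWKS_PATH):
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=strict_tls_context()), NoRedirect())
    with opener.open(check_jwks_url(url), timeout=10) as resp:
        return json.load(resp)


def x5t_matches_x5c(jwk):
    """x5t is the base64url SHA-1 thumbprint of the DER cert in x5c[0]."""
    der = base64.b64decode(jwk["x5c"][0])
    digest = hashlib.sha1(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode() == jwk["x5t"].rstrip("=")
```

Call `fetch_jwks()` to retrieve the key set; any certificate, hostname, or redirect problem raises an exception instead of returning keys.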