I try to answer you questions as good as I can, but you might seek the assistance of a consultant who checks your requirements in detail.
1) shibboleth authentication in SD is SAML-based authentication. Which means that an external Authenticator forwards an "authenticated" request to the Web Application. Your Mobile users will therefore first need to authenticate themselves against this Authenticator. The Authenticator itself is not part of Service Desk and could be any enterprise single sign-on solution which supports SAML. As Mobile Phones (smartphones) have supported browsers for Workspaces (see https://help.landesk.com/docs/help/en_US/LDSD/10.0/Default.htm#../Subsystems/SupportedPlatforms/Content/BrowserClients.h… ) there is no need for any native application.
2) The communication between the browser and workspaces are secured by SSL. You can add you company's SSL certificate to increase security here as well. Setting up a VPN would add another layer of encryption and protection. There is, however, no build in VPN solution in Service Desk and this would need to be provided by an external solution.
3) This is not a feature of Service Desk. You can set up Service Desk to create new users out of incoming emails, but there is no email verification and any sender will create a new user. I suggest that you take a look at Landesk Password Central (Password Management & Recovery | LANDESK ) for automated user creation and verification.