Add RSA to JWT API and Generic Enforced Claims

[erikburt]

This PR accomplishes 2 things.

• adds support for different JWT key types (RSA for now), as the original implementation solely supported ECDSA256.
  • Breaking: Adds mandatory key_type field to a key's config
• Breaking: adds enforced_claims to JwtConfig, and removes enforced_aud
  • This makes the enforceable claims more generic, and not limited solely to aud.

Changes

• Add key type enum, necessary for deserialization and choosing an appropirate algorithm
• Add a JwtConfigRaw for initial deserialization.
  • This ensures we have a struct without jsonwebtoken::EncodingKey parameter, which is not easily deserialized to directly when there's multiple possible key types.
    • previous implementation blindly used EncodingKey::from_ec_pem
  • So now we deserialize to the JwtConfigRaw struct, and then map that to the slightl modified JwtConfig struct.
• Adds enforced_claims, replacing more specific enforced_aud functionality
• Adds tests for RSA keys + enforced_claims functionality
  • Made test request bodies more descriptive, so you can more easily figure out which test is failing.

Testing

Ran the tests locally, and are passing.

Breaking Changes

1. JwtConfig now requires mandatory key_type - possible values are es256, and rs256.
2. enforced_aud has been removed from the JwtConfig. You must now use enforced_claims.aud instead
   • if JwtParams includes aud, and it doesn't match the key's enforced_claims.aud (if present), then it will throw an error
   • Previous behaviour was using enforced_aud if it was set, and ignoring JwtParams.aud (ie. no error)

[obelisk]

Looks right. Needs a test added to test_jwt though

[erikburt]

I can split this into 2 PRs if preferred.