Auto-consume any nonces in JWTs in auth middleware

To make sure JWTs that should only be used for creating one logintoken cannot be abused for other things.

This will break a bunch of tests that abuse tilauspalvelu JWTs, see https://github.com/pvarki/python-rasenmaeher-api/tree/autouse_nonces
