feat: support OIDC id_token

- generate JWT id_token in token exchange
- store optional nonce in authorization object
- switch to RS256 algorithm for JWT signature
- add JWKs endpoint to provide OIDC clients with public keys

tests/hurl_integration/scenario_1/config.toml

@@ -1,3 +1,5 @@
+signing_key = "tmp/secrets/signing.key"
+
 [instance]
 base_uri = "http://localhost:8086"
 name = "Example org"

tests/hurl_integration/scenario_1/main.hurl

@@ -27,7 +27,7 @@ handle: root
 email: root@johndoe.net
 full_name: John Doe
 website: https://johndoe.net
-picture: file,john_doe_profile_pic.jpg; image/jpeg
+avatar: file,john_doe_profile_pic.jpg; image/jpeg
 HTTP 200
 
 GET {{ base_url }}/me/authorizations