add verify_sig fn

[superstator]

For #156. I'm essentially just pulling the signature verification steps into their own function that can be called independently, and then having decode call that new function rather than duplicating everything. I'm certainly not set on verify_sig as a function name, if you have suggestions.

[Keats]

Can you base your PR on https://github.com/Keats/jsonwebtoken/pull/160 ? There are some changes around those functions in it.

[superstator]

Like that? Or would you rather I actually merge next on my end?