Generated JWT secret is too small for HMAC SHA256

[LeSuisse]

The key that is automatically generated weaken the security strength. As noted in RFC7518 section 3.2:

A key of the same size as the hash output (for instance, 256 bits for
"HS256") or larger MUST be used with this algorithm.  (This
requirement is based on Section 5.3.4 (Security Effect of the HMAC
Key) of NIST SP 800-117 [NIST.800-107], which states that the
effective security strength is the minimum of the security strength
of the key and two times the size of the internal hash value.)

Some JWT libraries are rejecting by default keys that are too small in a attempt to prevent misusages so generating a key that does not respect the minimal length can be problematic for OO integrations.

[CLAassistant]

All committers have signed the CLA.

[agolybev]

Hi @LeSuisse, could you merge changes from release/v7.3.0 into you branch, I edited the PR and changed the branch to fit the development process.

[LeSuisse]

Done, thanks for updating the PR.

[LeSuisse]

Hum what am I supposed to do?

The PR was updated to target the branch release/v7.3.0 and this branch just got deleted.

The issue is still present in the master and development branches 🤷

[agolybev]

Hi @LeSuisse, I'm so sorry for this situation, do you have a possibility of changing the PR branch to hotfix/v7.3.3? Then I could reopen the pull request and merge it immediately.

[LeSuisse]

I have rebased the patch on top of hotfix/v7.3.3 branch https://github.com/LeSuisse/Docker-DocumentServer/commits/jwt-secret-too-small-hmac-sha256

Since the PR is closed I cannot change the target branch.

[agolybev]

@LeSuisse, could you fire the new pull request into the ONLYOFFICE/hotfix/v7.3.3 branch?

[LeSuisse]

Done in #582