Allow time skew checks to be used with iat checks

[sztupy]

While there is an option to allow for a time skew on nbf and exp checks, there is no such option for checks on the issued at time, which is also a check that cannot be disabled at all. This PR includes the following changes:

• Do the same time skew checks that are done on nbf and exp for iat as well
• Disabling time checks will also disable the check on iat checks
• Add a reason in case the jwt is deemed invalid because it was used before the issue time (saves a lot of debugging time)
• Allow the current time to be set from the properties (useful for testing)

[Eric2017a]

This change should be rejected for the following reasons:

1. The issued at time is not used to determine JWT validity against the current time. Instead, the fields nbf and exp are intended for that use.

2. Allowing setting the current time to an arbitrary value opens the door to replay attacks, and renders the issued at and expirations claims useless.

A more correct fix would be to remove the check of issued at time against current time, thus removing this parameter from consideration of JWT validity (applications using the JWT may decide they want to check this, but per the specification, there is no requirement on the iat being within the nbf to exp range, nor that the iat time be in the past, and there are some cases where it might be useful to have an issued time be in the future).

Note, the use of iat as an nbf claim in the current validity checking is a bug, and should be fixed.