Add ID token validation

[joshcanhelp]

This PR adds ID token validation to the basic OmniAuth-Auth0 strategy. The main strategy was not altered in any way functionally except to add this validation (minor docs additions and minor formatting). The main work for this PR is in the new OmniAuth::Auth0::JWTValidator class.

This uses the Ruby JWT library and validates the following:

• Signature
• Expiration (30 sec leeway)
• Issuer
• Audience
• Not Before (30 sec leeway)

[esarafianou]

LGTM from a security perspective