Closed m4rk055 closed 2 years ago
Let's say A is a DPO company, B and C are clients of A, handling personal data. This of course means A has access to B and C, but also that B has access to C, and I'm not sure we want that.
A is the only one holding the secret key and issuing tokens. Users of B will be issued tokens for the B app and won't be authorized to access data belonging to the C app.
A is the only one holding the secret key and issuing tokens.
How does this work? B and C might manage their own infrastructure, have their own servers, etc. I feel like the scenario where B and C never have access to the private key will not fit many use cases.
Solves the issue with one client handling multiple applications. Apps in the same group use the same key to sign tokens.
Also adds docker-compose to start the dev environment and refactors the Env class.
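As an added illustration of the per-group key model discussed above (constructed example, not this project's code): the issuer A holds one HMAC key per application group, and each app verifies only with its own group's key and checks the audience claim, so a token minted for C cannot be accepted by B. The app names, group names and keys are made up here.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed mapping: B and D share a group key, C has its own.
APP_GROUPS = {"B": "group-b", "C": "group-c", "D": "group-b"}
# Only the issuer (A) and the apps of a group hold that group's key.
GROUP_KEYS = {
    "group-b": secrets.token_bytes(32),
    "group-c": secrets.token_bytes(32),
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(app: str, subject: str) -> str:
    """Issuer signs with the key of the app's group; 'aud' pins the token to one app."""
    group = APP_GROUPS[app]
    payload = json.dumps({"sub": subject, "aud": app, "grp": group}, separators=(",", ":"))
    body = _b64(payload.encode())
    sig = hmac.new(GROUP_KEYS[group], body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(app: str, token: str) -> Optional[dict]:
    """App-side check: valid MAC under this app's group key AND matching audience.

    Returns the claims on success, None on any failure (wrong key, tampering,
    malformed token, or a token issued for a sibling app in the same group).
    """
    try:
        body, sig_text = token.split(".", 1)
        key = GROUP_KEYS[APP_GROUPS[app]]
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_text)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, KeyError):
        return None
    # The audience check is what keeps apps in the same group apart.
    if claims.get("aud") != app:
        return None
    return claims
```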