clockworklabs / SpacetimeDB

Multiplayer at the speed of light
https://spacetimedb.com

Handle JWT tokens with OIDC providers #1882

Closed jsdt closed 1 month ago

jsdt commented 1 month ago

Description of Changes

This handles JWT tokens from other providers, as long as they host an OpenID config and public keys.

Tokens with the issuer "localhost" will go through the older flow.

There are some things that should be improved in future PRs:

  1. This uses a global JWK cache. The cache should probably be tied to the NodeDelegate.
  2. This could use more logging and metrics around key fetching and failures.
  3. This is using forks of two JWT/JWK libraries, which we should replace longer term.

Expected complexity level and risk

  1. This doesn't change much aside from including more tokens that can be accepted.

Testing

This has unit tests that spin up a server hosting public keys to test fetching and validation.
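The flow the description sketches (resolve the token's issuer to its OpenID configuration, fetch the JWKS it points at, cache the keys, verify the RS256 signature, and send issuer "localhost" down the older path), written out as an added example. It is not code from this PR or from SpacetimeDB, which is written in Rust; Go is used here because its standard library covers RSA, JSON and base64 without extra crates. Everything in it is assumed: the keyCache, verifyToken and fakeProvider names, the in-memory provider at https://idp.example that stands in for the key-hosting server the PR's unit tests spin up, and the one-line legacy stand-in for the older localhost flow. It accepts only RS256 and leaves out exp/aud validation.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding

// Untagged fields rely on encoding/json's case-insensitive match ("kty", "iss", ...) on decode.
type jwk struct{ Kty, Kid, N, E string }
type claims struct{ Iss, Sub string } // assumption: exp/aud checks are left out for brevity

// keyCache maps issuer -> kid -> public key and is process-wide, like the PR's global cache. fetch
// stands in for "HTTP GET, then decode JSON" so the example runs offline. It is not goroutine-safe,
// and a real one must rate-limit refreshes: a forged token with an unknown kid forces one otherwise.
type keyCache struct {
	keys  map[string]map[string]*rsa.PublicKey
	fetch func(url string, v any) error
}

func newKeyCache(fetch func(string, any) error) *keyCache {
	return &keyCache{map[string]map[string]*rsa.PublicKey{}, fetch}
}

// key returns issuer's key for kid, walking discovery -> jwks_uri on a miss (new issuer or rotated
// key) and caching the whole key set it finds.
func (c *keyCache) key(issuer, kid string) (*rsa.PublicKey, error) {
	if k, ok := c.keys[issuer][kid]; ok {
		return k, nil
	}
	var disc struct{ JwksURI string `json:"jwks_uri"` }
	var set struct{ Keys []jwk }
	err := c.fetch(strings.TrimSuffix(issuer, "/")+"/.well-known/openid-configuration", &disc)
	if err == nil {
		err = c.fetch(disc.JwksURI, &set)
	}
	if err != nil {
		return nil, err
	}
	keys := map[string]*rsa.PublicKey{}
	for _, k := range set.Keys {
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if k.Kty == "RSA" && errN == nil && errE == nil { // only well-formed RSA keys can verify RS256
			keys[k.Kid] = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	c.keys[issuer] = keys
	if k, ok := keys[kid]; ok {
		return k, nil
	}
	return nil, fmt.Errorf("issuer %q publishes no key with kid %q", issuer, kid)
}

// verifyToken checks a compact JWT. Issuer "localhost" goes to legacy (the older flow the PR keeps);
// any other issuer must have RS256-signed the token under a key it publishes.
func verifyToken(c *keyCache, token string, legacy func(string) (claims, error)) (claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims{}, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	var cl claims
	for i, v := range []any{&hdr, &cl} {
		b, err := b64.DecodeString(parts[i])
		if err == nil {
			err = json.Unmarshal(b, v)
		}
		if err != nil {
			return claims{}, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	if cl.Iss == "localhost" {
		return legacy(token)
	}
	if hdr.Alg != "RS256" { // the token never picks the algorithm: blocks "none" and HS/RS confusion
		return claims{}, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, err := c.key(cl.Iss, hdr.Kid)
	if err != nil {
		return claims{}, err
	}
	sig, _ := b64.DecodeString(parts[2]) // a malformed signature simply fails verification below
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return claims{}, fmt.Errorf("signature check failed: %w", err)
	}
	return cl, nil
}

// fakeProvider is a constructed in-memory OIDC provider at issuer URL iss: fetch serves its discovery
// document and a JWKS holding one fresh RSA key under pubKid; mint signs a token for sub with that
// key the way the provider would, under whatever kid the caller names (so an unpublished one can be tried).
func fakeProvider(iss, pubKid string) (fetch func(string, any) error, mint func(kid, sub string) string) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // test fixture: generation with rand.Reader does not fail
	docs := map[string]string{
		iss + "/.well-known/openid-configuration": fmt.Sprintf(`{"jwks_uri":%q}`, iss+"/keys"),
		iss + "/keys": fmt.Sprintf(`{"keys":[{"kty":"RSA","kid":%q,"n":%q,"e":%q}]}`, pubKid,
			b64.EncodeToString(priv.N.Bytes()), b64.EncodeToString(big.NewInt(int64(priv.E)).Bytes())),
	}
	fetch = func(url string, v any) error {
		if doc, ok := docs[url]; ok {
			return json.Unmarshal([]byte(doc), v)
		}
		return fmt.Errorf("GET %s: not found", url)
	}
	mint = func(kid, sub string) string {
		hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
		pay, _ := json.Marshal(map[string]string{"iss": iss, "sub": sub})
		signing := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pay)
		h := sha256.Sum256([]byte(signing))
		sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
		return signing + "." + b64.EncodeToString(sig)
	}
	return fetch, mint
}

func main() {
	fetch, mint := fakeProvider("https://idp.example", "key-1") // constructed issuer, not a real IdP
	cache := newKeyCache(fetch)
	legacy := func(string) (claims, error) { return claims{"localhost", "local"}, nil } // assumed stand-in
	fmt.Println(verifyToken(cache, mint("key-1", "alice"), legacy)) // {https://idp.example alice} <nil>
	fmt.Println(verifyToken(cache, mint("key-9", "alice"), legacy)) // {} ... publishes no key with kid "key-9"
}
```

The cache miss in key is the one place that touches the network, so it is where the logging and metrics the description asks for belong, and where a refresh budget per issuer is needed: without one, anyone can mint a token naming an unknown kid and make the server re-fetch the key set on every request. The alg check sits before any key lookup so that an alg=none or HS256 header never reaches the verifier with an RSA public key.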