eu-digital-identity-wallet / eudi-lib-jvm-openid4vci-kt

Implementation of OpenID for Verifiable Credential Issuance protocol (wallet's role) in Kotlin
Apache License 2.0

fixes #137: add iss to jwt key proof #204

Closed ydanneg closed 5 months ago

ydanneg commented 5 months ago

Fixes #137

babisRoutis commented 5 months ago

@ydanneg PR looks good and I will merge it.

I have some second thoughts because, either with this PR or without it, we cannot enforce what the specification requires.

iss: OPTIONAL (string). The value of this claim MUST be the client_id of the Client making the Credential request. This claim MUST be omitted if the access token authorizing the issuance call was obtained from a Pre-Authorized Code Flow through anonymous access to the token endpoint

In other words, client_id is always required unless

The first condition could be tracked by the library, yet not the 2nd.

I will need some time to think about it. Perhaps clientId could be nullable in config. I will come back on this.
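
Added example, not part of the PR or the library's code: one way to apply the quoted rule for `iss` when `clientId` is nullable in the configuration, as the comment above considers. `Grant`, `TokenContext`, `issFor` and `applyIss` are hypothetical names, and `anonymousTokenRequest` is an assumed flag that the caller sets when the token endpoint was accessed anonymously.

```kotlin
// Hypothetical types for illustration; not the library's API.
enum class Grant { AUTHORIZATION_CODE, PRE_AUTHORIZED_CODE }

data class TokenContext(
    val grant: Grant,
    // Assumption: the caller knows whether the token request was anonymous.
    val anonymousTokenRequest: Boolean,
)

// Decides the value of the iss claim for a JWT key proof.
// Returns null when the claim MUST be omitted, the client_id otherwise.
fun issFor(clientId: String?, ctx: TokenContext): String? {
    val mustOmit = ctx.grant == Grant.PRE_AUTHORIZED_CODE && ctx.anonymousTokenRequest
    return when {
        // Omit even when a client_id happens to be configured.
        mustOmit -> null
        // Every other case needs a client_id to put into iss.
        clientId.isNullOrBlank() ->
            error("client_id is required: token was not obtained through an anonymous pre-authorized code flow")
        else -> clientId
    }
}

// Adds or strips iss on an existing claim set, so a stale iss set by the
// caller never leaks into a proof where it has to be absent.
fun applyIss(claims: Map<String, Any>, clientId: String?, ctx: TokenContext): Map<String, Any> {
    val iss = issFor(clientId, ctx)
    return if (iss == null) claims - "iss" else claims + ("iss" to iss)
}

fun main() {
    // Constructed sample values.
    val claims = mapOf<String, Any>("aud" to "https://issuer.example", "nonce" to "constructed-nonce")
    val anonymous = TokenContext(Grant.PRE_AUTHORIZED_CODE, anonymousTokenRequest = true)
    val identified = TokenContext(Grant.PRE_AUTHORIZED_CODE, anonymousTokenRequest = false)
    val authCode = TokenContext(Grant.AUTHORIZATION_CODE, anonymousTokenRequest = false)

    println(applyIss(claims + ("iss" to "stale"), "wallet-dev", anonymous))
    println(applyIss(claims, "wallet-dev", identified))
    println(applyIss(claims, "wallet-dev", authCode))
    // A missing client_id is rejected instead of silently producing a proof without iss.
    println(runCatching { applyIss(claims, null, authCode) }.exceptionOrNull()?.message)
}
```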

babisRoutis commented 5 months ago

@ydanneg Thanks again for the fix

I merged it, leaving aside the considerations expressed in my previous comment, because I have the impression that in most cases the iss is required. It is an exceptional case that it has to be omitted.