Remove expired cookie JWT

[m4v15]

Solves #129

Can't think of any other errors we might have to deal with from express JWT but maybe there are, will check

At the moment it checks if its a jwt error, then checks the message and if it's expired it will remove the cookie a redirect back to the original URL (which will deal with the request differently now it has no cookie as opposed to an expired one)

[mattlub]

this seems quite hacky/not ideal but I'm happy to add it in, otherwise we would have to do our own version of the jwt-express module or combine this step with the permissions middleware.

[m4v15]

@mattlub addressed and refactored

[des-des]

@m4v15 @mattlub I do not see this being a security problem happy to let it through if you are happy with it

[mattlub]

@m4v15 I reckon merge it, but raise an issue about rewriting the JWT middleware to be able to remove this middleware