Fix ACR JWT

[roelarents]

Fixes two issues with ACR authz:

1. JWT parsing didn't supply a keyfunc to verify the JWT access token, but that is required. Added a cli-option to supply a JWKS URI. Which is by default empty and then JWT verification is explicitly skipped.
2. When using Basic authz, it is still required to obtain an access token first with which to make requests for manifests and tags.

[hawksight]

Thank you @roelarents for this and several other PRs recently. We may not be able to fully review this very quickly. I'll attempt to give it a good look over in the next week or two.

Can you give any context whether you've built and run this change in your environment?

[roelarents]

Thanks in advance. I've merged them, built the image, and ran it in our test k8s environment which uses a docker.io and aprivate.azurecr.io registry with basic auth.