Remove insecure functionality

[ghost]

This PR removes insecure functionality of the library in relation to this recent jitsi-meet security advisory. The change essentially removes the decode functionality of the library, making it harder to release unverified plaintext accidentally. The main changes are:

• Remove the decode function.
• Use cjson.safe instead of plain cjsonto safeguard against parsing vulnerabilities.
• Use basexx instead of manual bas64 to base64url conversion.
• Add the feature of optionally verifying the issuer and audience claims of the token. This is first of all good practice, and second of all allows for simplification on the jitsi-meet side.
• Add doc comments to all functions.
• Adapted and extended tests.
• Bumped version to 3.0 as this is a breaking API change.

[sawall]

@philip-cc Looks fantastic to me. Thanks especially for the docs and new cases!

@saghul I made a PR to pin luajwtjitsi to v2 in the jitsi-meet debian build scripts so nothing wonky goes on with out builds until we get the jitsi-meet PR in: https://github.com/jitsi/jitsi-meet/pull/10262 So please approve/merge that before merging this one.

[ghost]

@saghul what's the status on getting this merged?

[saghul]

@sawall can you also take a look please?

[sawall]

@saghul oops, thought you were going to handle that.

[saghul]

Yeah sorry about that, I've been swamped lately.