solid / authentication-panel

GitHub repository for the Solid Authentication Panel
MIT License

HttpSig updates from Signing Messages implementation #168

Closed bblfish closed 3 years ago

bblfish commented 3 years ago

The full readable version is here. The changes are all in the first section (at present). These changes were arrived at from experience gained implementing "Signing HTTP Messages v04".

See in particular

The examples in Part 1 have been produced from that implementation with code added in this Reactive Solid Commit.

This starts addressing or referencing the following issues:

There will be more updates to this PR forthcoming, but am sending this in for potential discussion of issues in conf call.

One major change is that I have given up on adding syntax to the keyid value by surrounding it with < and >, as this makes the library for "Signing Http Messages" depend on HttpSig. Instead we can add an attribute to the Authorization header if and when we deploy a P2P protocol.

bblfish commented 3 years ago

In the last two commits I

  1. Updated the Authorization header to change the name of the key attribute to proof.

    -Authorization: HttpSig key=sig1, cred="<https://alice.freedom/cred/BAEng>"
    +Authorization: HttpSig proof=sig1, cred="<https://alice.freedom/cred/BAEng>"
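
    Review bot: the rename from `key=sig1` to `proof=sig1` on the `+` line leaves open what a server does with a request that still sends `key=`. The spec text should say whether such a header is rejected as malformed, so that clients written against the earlier wording fail with a clear error instead of being silently treated as unauthenticated.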

    this is because there are too many uses of the word key already in the spec. It also makes more sense to think of a signature as a proof of authorization.

  2. I require the Authorization header to be in the signature string, so that it can't be changed to another one.
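
Point 2 above, as an added example that is not code from this PR or from the Reactive Solid implementation: a verifier that refuses any signature whose covered headers omit `authorization`, and a check that replacing the `cred` URL breaks a signature that does cover it. The signature-string layout is simplified, HMAC-SHA256 stands in for the client's asymmetric signature, and the key, host, date and replacement URL are constructed.

```python
import hashlib
import hmac

# Constructed demo key; HMAC-SHA256 stands in for the asymmetric signature a real client would use.
DEMO_KEY = b"constructed-demo-key"

def signature_base(headers, covered):
    """Simplified signature string: one '"name": value' line per covered header."""
    lines = [f'"{name}": {headers[name]}' for name in covered]
    params = " ".join(f'"{name}"' for name in covered)
    lines.append(f'"@signature-params": ({params})')
    return "\n".join(lines).encode()

def sign(headers, covered, key=DEMO_KEY):
    return hmac.new(key, signature_base(headers, covered), hashlib.sha256).hexdigest()

def verify(headers, covered, signature, key=DEMO_KEY):
    """Reject unless 'authorization' is covered and the signature matches."""
    if "authorization" not in covered:
        return False  # the header could be swapped without breaking the signature
    return hmac.compare_digest(sign(headers, covered, key), signature)

def demo():
    request = {
        "host": "bob.example",                      # constructed
        "date": "Tue, 01 Jun 2021 10:00:00 GMT",    # constructed
        "authorization": 'HttpSig proof=sig1, cred="<https://alice.freedom/cred/BAEng>"',
    }
    covered = ["host", "date", "authorization"]
    sig = sign(request, covered)
    # Same request with the credential URL replaced in transit (constructed URL).
    swapped = dict(
        request,
        authorization='HttpSig proof=sig1, cred="<https://other.example/cred/1>"',
    )
    # A signature that leaves the header out still matches after the swap,
    # which is why the verifier refuses it outright.
    weak = ["host", "date"]
    return {
        "original": verify(request, covered, sig),
        "swapped": verify(swapped, covered, sig),
        "uncovered_rejected": not verify(request, weak, sign(request, weak)),
        "uncovered_sig_survives_swap": sign(request, weak) == sign(swapped, weak),
    }

if __name__ == "__main__":
    print(demo())
```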