source-academy / stories-backend

Backend of Source Academy extension for Stories support.

Add JWT validation auth middleware #57

Closed RichDom2185 closed 1 year ago

RichDom2185 commented 1 year ago

Part of #16.

Adds a middleware that ensures all requests to protected routes are authenticated (unless in development mode). Authentication is based on RS256 public key verification, with the JWKS source coming from the main backend (currently defined using an environment variable, to be refactored in a future PR).

Note that, as our backend does not have the necessary DB schema/structure to support full user verification, as of now the middleware only validates that the user has been authenticated with the main backend before granting requests (it has no notion of which user is currently accessing the service, in order to support the features/roles defined in #15 and #18).

github-actions[bot] commented 1 year ago


coverage: 84.066%. remained the same when pulling e5cbf43d2900d7d502ae2549a40a390ea7848012 on jwt-auth-validation into 5fc47cccabd74fcc8a33f85764efb384a2d9a037 on main.

RichDom2185 commented 1 year ago

@YaleChen299 Due to the way the service uses a singular JWKS source at the moment, this service can only support a one-to-many relationship between the main backend and the stories backend.

However, this implementation should be flexible enough to support a many-to-many relationship to fully support multitenancy as defined in #15, via a relatively simple refactor to use maps instead of strings pointing to multiple JWKS sources.

YaleChen299 commented 1 year ago

> @YaleChen299 Due to the way the service uses a singular JWKS source at the moment, this service can only support a one-to-many relationship between the main backend and the stories backend.
>
> However, this implementation should be flexible enough to support a many-to-many relationship to fully support multitenancy as defined in #15, via a relatively simple refactor to use maps instead of strings pointing to multiple JWKS sources.

This is to say, to allow tokens issued by other trusted backends as well, right? In this case, do we need to add the respective source manually?