Open ollieread opened 4 years ago
You can leverage a JSON column to store every claim.
@ludo237 I'd like to avoid storing every claim. There are several reasons for the selected ones above:
jti
This is the id that represents the JWT token and can be used to quickly query, allowing you to blacklist, etc.
aud
This allows you to see which audience the JWT token was for; this is particularly useful if you have a JWT issuer for multiple audiences (like I do).
exp
This is stored so that, if necessary, the rows can be pruned once tokens have expired.
The idea is not to back up the JWT in the database, as that's sort of pointless. It's to instead keep a log of JWTs being issued.
Add the ability to enable JWT id logging in the database along with corresponding expiration timestamps.
The database should only store the jti, aud and exp claims. It should have a flag for revoking tokens and an optional command to clean any entries that have expired.