Use JWK url
It is quite unusual to pass the public key as an env variable. Additionally it has some maintenance implications and also restricts us to only using one public / private key pair. By switching to the jwcrypto library we could solve that issue (there is no 1.0 release yet). This branch loads the jwk (JSON Web Key) from the environment variable SIP_AUTH_OIDC_JWKS_URL
and caches it in mem. This means that no restart is necessary when the keycloak server suddenly uses a new public / private key pair (it could even allow both keys during some period of time)
cc @eisman