Key PEM parsed for every signed JWT token
In oauth2/generates/jwt_access.go:55-66, when using RSA or ECC, the key is parsed from PEM to sign every token. This should be done once and cached.
This makes signing slow (as this step runs rsa.Precompute on every call). Also, the parse code may not be cryptographically secure against timing attacks, and it might be possible to extract the private key via a side-channel attack.
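The parse-once-and-cache pattern the report asks for, written as an added example rather than code from the go-oauth2 project. It uses only the Go standard library (crypto/rsa, crypto/x509, encoding/pem) instead of the JWT library the generator wraps, so the signing input is a raw payload rather than a JWT; the `SlowSigner`/`CachedSigner` names, the generated test key and the sample payload are all constructed for the example. `SlowSigner` mirrors the reported behaviour (decode PEM and call `x509.ParsePKCS1PrivateKey`, which runs `Precompute`, on every call); `CachedSigner` parses once in its constructor and reuses the `*rsa.PrivateKey`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"time"
)

// parsePEMPrivateKey decodes a PKCS#1 RSA private key from PEM.
// x509.ParsePKCS1PrivateKey calls Precompute internally; that is the cost
// the report describes when it happens on every signing call.
func parsePEMPrivateKey(pemBytes []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return nil, errors.New("no RSA PRIVATE KEY block found")
	}
	return x509.ParsePKCS1PrivateKey(block.Bytes)
}

// SlowSigner (hypothetical name) keeps the PEM bytes and re-parses them on every Sign call.
type SlowSigner struct{ pemBytes []byte }

func (s *SlowSigner) Sign(payload []byte) ([]byte, error) {
	key, err := parsePEMPrivateKey(s.pemBytes) // parse + Precompute per call
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(payload)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
}

// CachedSigner (hypothetical name) parses the key once at construction time.
type CachedSigner struct{ key *rsa.PrivateKey }

func NewCachedSigner(pemBytes []byte) (*CachedSigner, error) {
	key, err := parsePEMPrivateKey(pemBytes)
	if err != nil {
		return nil, err
	}
	return &CachedSigner{key: key}, nil
}

func (s *CachedSigner) Sign(payload []byte) ([]byte, error) {
	sum := sha256.Sum256(payload)
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, sum[:])
}

// Public exposes the verification key so callers never need the PEM again.
func (s *CachedSigner) Public() *rsa.PublicKey { return &s.key.PublicKey }

// Verify checks a signature produced by either signer.
func Verify(pub *rsa.PublicKey, payload, sig []byte) error {
	sum := sha256.Sum256(payload)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

// newTestPEM generates a throwaway key and PEM-encodes it (constructed test input,
// not a real deployment key).
func newTestPEM(bits int) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	der := x509.MarshalPKCS1PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}), nil
}

func main() {
	pemBytes, err := newTestPEM(2048)
	if err != nil {
		panic(err)
	}
	slow := &SlowSigner{pemBytes: pemBytes}
	cached, err := NewCachedSigner(pemBytes)
	if err != nil {
		panic(err)
	}
	payload := []byte(`{"sub":"alice","exp":1700000000}`) // constructed stand-in for a JWT signing input
	const n = 50
	start := time.Now()
	for i := 0; i < n; i++ {
		if _, err := slow.Sign(payload); err != nil {
			panic(err)
		}
	}
	slowD := time.Since(start)
	start = time.Now()
	for i := 0; i < n; i++ {
		if _, err := cached.Sign(payload); err != nil {
			panic(err)
		}
	}
	fmt.Printf("%d signatures: parse-per-call %v, parse-once %v\n", n, slowD, time.Since(start))
}
```

Because PKCS#1 v1.5 signing is deterministic, both signers produce byte-identical signatures for the same payload, so the change is purely a performance fix and can be verified by comparing outputs. The same constructor-time parse applies to ECDSA keys via `x509.ParseECPrivateKey`.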