JWS algorithms are case-sensitive
JWS algorithms are case-sensitive, per the JWS/JWA specs [1], and DBSC should consistently use the defined ones, ES256 and RS256 (rather than es256 and rs256, which currently sometimes are used). Doing so would be good for lots of reasons, but one is that suggesting any kind of case-insensitive treatment of alg values should be avoided due to issues like this: https://cybercx.co.nz/blog/json-web-token-validation-bypass-in-auth0-authentication-api/
[1]
https://www.rfc-editor.org/rfc/rfc7515#section-4.1.1
https://www.rfc-editor.org/rfc/rfc7518.html#section-3.3
https://www.rfc-editor.org/rfc/rfc7518.html#section-3.4
https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
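The point above, shown as an added example (this is not DBSC code and DBSC does not currently specify a verifier): a compact-serialised JWS protected header is parsed and its alg is matched byte-exactly against an allowlist of registered identifiers, beside the case-insensitive anti-pattern for contrast. The allowlist of ES256 and RS256, the helper names, and the sample tokens (placeholder payload and signature, never signature-verified) are all constructed for the illustration.

```python
import base64
import json

# Exact, case-sensitive allowlist of registered JWS "alg" values
# (RFC 7518 sections 3.3 and 3.4, IANA JOSE registry). Assumption for the
# example: a DBSC verifier would accept only these two.
ALLOWED_ALGS = frozenset({"ES256", "RS256"})


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWS segment (RFC 7515 section 2)."""
    if "=" in segment:
        raise ValueError("padding is not permitted in JWS segments")
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def protected_header(token: str) -> dict:
    """Return the JOSE protected header of a compact-serialised JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three base64url segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    return header


def strict_alg(token: str) -> str:
    """Accept the header alg only if it is exactly an allowed identifier.

    Byte-exact comparison: 'es256' is not 'ES256'. Everything else,
    including 'none' and unknown names, is rejected before any key
    selection or signature check takes place.
    """
    alg = protected_header(token).get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"unsupported alg: {alg!r}")
    return alg


def lax_alg(token: str) -> str:
    """The anti-pattern the issue warns about: case-insensitive matching.

    Included only to contrast with strict_alg(); it treats 'es256' and
    'Rs256' as if they were the registered names.
    """
    alg = protected_header(token).get("alg")
    if not isinstance(alg, str):
        raise ValueError("alg must be a string")
    normalised = alg.upper()
    if normalised not in ALLOWED_ALGS:
        raise ValueError(f"unsupported alg: {alg!r}")
    return normalised


def make_token(header: dict) -> str:
    """Build a constructed sample JWS: placeholder payload and signature."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return ".".join([
        enc(json.dumps(header, separators=(",", ":")).encode()),
        enc(b'{"sub":"example"}'),
        enc(b"\x00" * 8),  # not a real signature
    ])


def accepts(validator, token: str) -> bool:
    """True if the given validator lets the token's alg through."""
    try:
        validator(token)
        return True
    except ValueError:
        return False


# Constructed inputs: a registered name, a lowercase variant, and "none".
GOOD = make_token({"alg": "ES256", "typ": "JWT"})
LOWER = make_token({"alg": "es256", "typ": "JWT"})
NONE = make_token({"alg": "none"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("LOWER", LOWER), ("NONE", NONE)):
        print(name, "strict:", accepts(strict_alg, tok),
              "lax:", accepts(lax_alg, tok))
```

Running it shows the difference in one glance: the strict check admits only the token whose header literally says ES256, while the lax check also admits the es256 variant. The strict variant is the one to use; validating alg against an exact-string allowlist before any key lookup is what keeps a verifier from being steered into a different algorithm by a header it did not expect.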