JSON Web Key Set (JWKS) Support

[shaunco]

For machine-to-machine API calls where open-balena is added to an existing cloud environment that has an existing JWK/JWT based auth service, it would be great to for open-balena-api to support a JWKS URI config option.

Looks like the easiest way to do this is to swap the https://www.npmjs.com/package/passport-jwt package for something like https://github.com/auth0/node-jwks-rsa/blob/master/examples/passport-demo/README.md (although, that has been replaced with https://auth0.com/blog/auth0-s-express-openid-connect-sdk/ ) ... so, maybe it is time to make the passport auth mechanism pluggable.

In the meantime, I'll try just swapping out parts of src/infra/auth through a volume mount.