feat: replace random access with round robin

[pmlopes]

Motivation:

JWS/JWT picks a random signer when multiple entries are known for the same algorithm. There are a few known problems here:

1. we don't rely on a secure random
2. random initialization interferes with build time initialization in Quarkus (not regular GraalVM)

With this behavior change we are more aligned with cloud vendors. We just round robin the keys.