grape-jwt-authentication
allow to use a proc to fetch public cert instead of a static url
So some providers (e.g. Google/Firebase) are using a JSON file to expose multiple x509 public keys instead of one plain file.
In this case, you should implement a custom authenticator proc which also fetches the RSA public keys and caches them respectively. I'm unsure how you determine which RSA key to use for verification for which runtime JWT. But if there is no way to detect it properly, you could probe each one until you find a valid combination.
This functionality could be interesting for others I guess. I will keep this issue open as a feature request. But it is doable with the library and custom code right now.
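Added example, not part of the original thread and not the gem's own code: Google/Firebase-style certificate documents map a key ID to each PEM certificate, and the token's header carries the matching `kid`, so a custom authenticator can select the key directly instead of probing. The helper names, key IDs and throwaway keys below are constructed for illustration.

```ruby
require 'openssl'
require 'json'

def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * (-str.length % 4)).unpack1('m')
end

# Constructed fixture: a self-signed certificate for a throwaway key.
def make_cert(key, cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Constructed fixture: an RS256 token whose header names the signing key.
def sign_jwt(key, kid, claims)
  input = [{ alg: 'RS256', kid: kid }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Returns the claims if the token verifies against the cert published under its kid, else nil.
def verify_with_kid(token, certs_json)
  head, body, sig = parts = token.split('.')
  return nil unless parts.length == 3
  header = JSON.parse(b64url_decode(head))
  return nil unless header.is_a?(Hash) && header['alg'] == 'RS256' # pin the algorithm
  pem = JSON.parse(certs_json)[header['kid']]
  return nil unless pem # unknown kid: reject
  pub = OpenSSL::X509::Certificate.new(pem).public_key
  valid = pub.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig), "#{head}.#{body}")
  valid ? JSON.parse(b64url_decode(body)) : nil # caller still checks exp/aud/iss
rescue JSON::ParserError, OpenSSL::OpenSSLError
  nil
end

# Constructed sample data: a {kid => PEM} document and a token signed by key-b.
KEYS = { 'key-a' => OpenSSL::PKey::RSA.new(2048), 'key-b' => OpenSSL::PKey::RSA.new(2048) }
CERTS_JSON = JSON.generate(KEYS.to_h { |kid, key| [kid, make_cert(key, kid).to_pem] })
TOKEN = sign_jwt(KEYS['key-b'], 'key-b', { sub: 'user-1' })
```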