ruby-jwt
Improve support for Unsecured JWT
This allows for symmetric support of Unsecured JWT. It now works like any other algorithm for both encoding and decoding.
Fixes #323.
https://tools.ietf.org/html/rfc7519#section-6 allows for Unsecured JWT using an "alg" value of "none". It does not forbid further processing of Unsecured JWT, and thus claim verification still applies.
https://tools.ietf.org/html/rfc7518#section-3.6 requires the signature to be an empty string.
https://tools.ietf.org/html/rfc7518#section-3.6 and https://tools.ietf.org/html/rfc7518#section-8.5 forbid accepting Unsecured JWT unless explicitly allowed (this has already been addressed).
While not explicitly addressed by any RFC, based on common sense this commit explicitly forbids the use of any signing key for Unsecured JWT. As Unsecured JWT requires an empty signature and cannot possibly make use of a key, it should be considered an error to use a key together with the algorithm value "none". For an Unsecured JWT the signing key should be set to either false or nil.
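The four rules above (empty signature for "none", "none" only when explicitly allow-listed, no key with "none", claim verification still applied) are easy to get subtly wrong, so here is an added, self-contained illustration of them. This is example code written for this page, not ruby-jwt's implementation; the module name `UnsecuredJwtDemo`, the error classes and the HS256 branch used for contrast are all assumptions, and it uses only the Ruby standard library.

```ruby
require 'json'
require 'base64'
require 'openssl'

# Illustrative mini JWT encoder/decoder (NOT ruby-jwt's code) that enforces the
# Unsecured JWT rules from RFC 7519 s6 and RFC 7518 s3.6 / s8.5 as summarised
# in the PR description. HS256 is included only to contrast a signed token.
module UnsecuredJwtDemo
  class DecodeError < StandardError; end
  class ExpiredSignature < DecodeError; end

  def self.b64url(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def self.unb64url(str)
    Base64.urlsafe_decode64(str) # Ruby >= 2.3 accepts unpadded input
  end

  # Encoding: "none" yields an empty third segment; supplying a key with "none"
  # is treated as a programming error, as the PR proposes.
  def self.encode(payload, key, alg)
    header = { 'alg' => alg, 'typ' => 'JWT' }
    signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
    case alg
    when 'none'
      raise ArgumentError, 'key must be nil or false for alg "none"' if key
      "#{signing_input}."
    when 'HS256'
      raise ArgumentError, 'HS256 requires a key' unless key
      "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, signing_input))}"
    else
      raise ArgumentError, "unsupported alg #{alg.inspect}"
    end
  end

  # Decoding: the caller must allow-list algorithms explicitly; "none" is never
  # implied. For "none" the signature segment must be exactly the empty string
  # and no key may be passed. Claim checks run regardless of the algorithm.
  def self.decode(token, key, algorithms:, now: Time.now.to_i)
    parts = token.split('.', -1)
    raise DecodeError, 'expected 3 segments' unless parts.size == 3

    header  = JSON.parse(unb64url(parts[0]))
    payload = JSON.parse(unb64url(parts[1]))
    alg = header['alg']
    raise DecodeError, "alg #{alg.inspect} not allowed" unless algorithms.include?(alg)

    case alg
    when 'none'
      raise DecodeError, 'key must be nil or false for alg "none"' if key
      raise DecodeError, 'Unsecured JWT must carry an empty signature' unless parts[2] == ''
    when 'HS256'
      raise DecodeError, 'HS256 requires a key' unless key
      expected = OpenSSL::HMAC.digest('SHA256', key, "#{parts[0]}.#{parts[1]}")
      raise DecodeError, 'signature verification failed' unless secure_compare(expected, unb64url(parts[2]))
    end

    # RFC 7519 s6: an Unsecured JWT is still a JWT, so claim verification applies.
    raise ExpiredSignature, 'token expired' if payload.key?('exp') && payload['exp'] <= now

    [payload, header]
  end

  # Constant-time comparison without depending on newer OpenSSL helpers.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample payload; exp is far in the future.
  claims = { 'sub' => 'alice', 'exp' => 2_000_000_000 }
  token = UnsecuredJwtDemo.encode(claims, nil, 'none')
  puts token                                            # header.payload. with empty signature
  p UnsecuredJwtDemo.decode(token, nil, algorithms: ['none']).first
end
```

Note that `decode(token, nil, algorithms: ['HS256'])` rejects the Unsecured token outright because "none" was not allow-listed, while `decode(token, 'secret', algorithms: ['none'])` rejects it because a key was supplied with "none"; both are the behaviours the description asks for.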
Hello, @hesalx! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.
Hi @hesalx, just want to remind you that if you put the issue link in the commit message, every time you force-push, a message will be added automatically to the original issue page.
Maybe you could remove the link from your commit message if this is not the behavior you expect.