
JWK X5U verification

Open lhazlewood opened this issue 3 years ago • 1 comments

https://datatracker.ietf.org/doc/html/rfc7517#section-4.6

If receiving a JWK with x5u, it must be verified as defined in the above spec section before it can be used.

Work to be done in the jwe branch.

lhazlewood avatar May 09 '22 23:05 lhazlewood
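Two of the checks RFC 7517 section 4.6 places on `x5u`, TLS-only retrieval and a first-certificate key that matches the JWK's own members, as an added JDK-only example that is not jjwt code and not from this issue. The class and method names, the RSA-only scope and the `keys.example.com` URL are assumptions made for illustration; the server identity check the same section requires is left to the HTTPS client.

```java
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Map;

public class X5uChecks { // hypothetical class, not part of jjwt
    // RFC 7517 section 4.6: the certificate resource must be fetched over TLS.
    static void requireHttps(URI x5u) {
        if (!"https".equalsIgnoreCase(x5u.getScheme()) || x5u.getHost() == null)
            throw new SecurityException("x5u must be an absolute https URI: " + x5u);
    }
    // The first certificate of the PEM chain carries the key to compare.
    static PublicKey firstCertKey(InputStream pemChain) throws Exception {
        Certificate first = CertificateFactory.getInstance("X.509")
                .generateCertificates(pemChain).iterator().next();
        return first.getPublicKey();
    }
    // RFC 7517 section 4.6: that key must match the JWK's own members.
    // Only RSA ("n", "e") is handled here; anything else is rejected.
    static boolean matchesJwk(PublicKey certKey, Map<String, String> jwk) {
        String n = jwk.get("n"), e = jwk.get("e");
        if (!"RSA".equals(jwk.get("kty")) || n == null || e == null
                || !(certKey instanceof RSAPublicKey)) return false;
        RSAPublicKey rsa = (RSAPublicKey) certKey;
        return rsa.getModulus().equals(uint(n)) && rsa.getPublicExponent().equals(uint(e));
    }
    static BigInteger uint(String b64url) { // base64url -> unsigned big-endian integer
        return new BigInteger(1, Base64.getUrlDecoder().decode(b64url));
    }
    static String b64url(BigInteger v) { // sample helper; may keep a leading zero byte
        return Base64.getUrlEncoder().withoutPadding().encodeToString(v.toByteArray());
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: freshly generated keys stand in for certificate keys.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey a = (RSAPublicKey) gen.generateKeyPair().getPublic();
        PublicKey b = gen.generateKeyPair().getPublic();
        Map<String, String> jwk = Map.of("kty", "RSA",
                "n", b64url(a.getModulus()), "e", b64url(a.getPublicExponent()));
        requireHttps(URI.create("https://keys.example.com/chain.pem")); // placeholder URL
        System.out.println(matchesJwk(a, jwk)); // key the JWK was built from
        System.out.println(matchesJwk(b, jwk)); // unrelated key
    }
}
```

In real use the argument to `matchesJwk` would come from `firstCertKey` applied to the fetched PEM body, and a mismatch means the JWK is rejected before any key material is used.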

@bdemers I seem to remember you working on similar HTTPS resolution logic for this stuff at one time, no? Any insights into this that I need to be aware of? Or do you want to take a crack at it?

lhazlewood avatar May 09 '22 23:05 lhazlewood

Even though the x5u parameter can exist in either a JWT header or a JWK, any validation mechanism for x5u should be identical (and even shared) between the two. As such, closing this as a duplicate of #408.

lhazlewood avatar Sep 16 '23 23:09 lhazlewood