
`id_token_signed_response_alg` should take precedence to sign `id_token`

Open azmeuk opened this issue 4 months ago • 0 comments

Describe the bug

This is a follow-up to #802 and #755.

Currently, to find the alg to use to sign id_tokens, Authlib:

  • use `alg` if it is set in `get_jwt_config()`
  • else use `client.id_token_signed_response_alg` if defined
  • else use the default `RS256`

I think `client.id_token_signed_response_alg` should be the primary option, as this is an explicit per-client configuration, defined in the spec. `get_jwt_config()["alg"]` could be considered as a custom default alg.

This may be a breaking change, so I think this could be introduced in 1.8.

Maybe if the get_jwt_config thing is overhauled, this can go with a deprecation time in 1.7?

azmeuk · Aug 26 '25 12:08
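The two precedence orders described in the issue, side by side, as an added example. This is hypothetical helper code written for this page, not Authlib's own resolver: `resolve_id_token_alg`, `check_supported`, the sample client metadata and the server config dict are all assumptions, and the only facts taken from the issue are the three-step lookup order and the `RS256` default.

```python
"""Added example: how the id_token signing `alg` gets resolved.

Hypothetical helper, not Authlib's own code. It contrasts the precedence the
issue describes as current (server-wide get_jwt_config()["alg"] first) with the
precedence the issue proposes (per-client id_token_signed_response_alg first).
"""

DEFAULT_ALG = "RS256"  # the default named in the issue


def resolve_id_token_alg(client_metadata, jwt_config, client_first=True):
    """Return the alg used to sign the id_token for one client.

    client_metadata: the client's registered metadata (dict); the key
      "id_token_signed_response_alg" is the OIDC registration parameter.
    jwt_config: what the server's get_jwt_config() returns (dict); "alg"
      here is the server-wide value.
    client_first: True for the precedence proposed in the issue, False for
      the precedence the issue describes as current behaviour.
    """
    client_alg = client_metadata.get("id_token_signed_response_alg")
    server_alg = jwt_config.get("alg")
    if client_first:
        return client_alg or server_alg or DEFAULT_ALG
    return server_alg or client_alg or DEFAULT_ALG


def check_supported(alg, supported_algs):
    """Reject a resolved alg the server does not advertise.

    supported_algs stands in for the server's
    id_token_signing_alg_values_supported list (assumption: the server
    keeps such a list and only signs with members of it).
    """
    if alg not in supported_algs:
        raise ValueError(f"id_token alg {alg!r} is not supported by this server")
    return alg


# Constructed sample data, not taken from the issue.
SUPPORTED = ["RS256", "ES256"]
SERVER_JWT_CONFIG = {
    "key": "<server signing key>",  # placeholder, never a real key
    "alg": "RS256",
    "iss": "https://op.example",
    "exp": 3600,
}
CLIENT_ES256 = {"client_id": "rp-1", "id_token_signed_response_alg": "ES256"}
CLIENT_UNSET = {"client_id": "rp-2"}


def demo():
    """Return (client_id, current alg, proposed alg) for each sample client.

    Only the client that registered its own alg sees a difference: that is
    the breaking change the issue mentions.
    """
    rows = []
    for client in (CLIENT_ES256, CLIENT_UNSET):
        current = resolve_id_token_alg(client, SERVER_JWT_CONFIG, client_first=False)
        proposed = resolve_id_token_alg(client, SERVER_JWT_CONFIG, client_first=True)
        rows.append((client["client_id"], current, proposed))
    return rows


if __name__ == "__main__":
    for client_id, current, proposed in demo():
        print(f"{client_id}: current={current} proposed={proposed}")
```

With the server configured for `RS256` and a client registered with `ES256`, the current order silently signs with `RS256` while the proposed order honours the client's registration; a client that never set the parameter gets `RS256` either way, so only explicitly configured clients are affected by the change.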