Improve token construction logic and change key getter to public

[bradjones1]

Thanks for this package; Apple is pretty frustrating in that they kinda look like OAuth but their implementation is, well, wacky!

I am in a situation where I am doing both native app sign-in with Apple (because it's required...) as well as supporting sign-in with Apple on the web. Because their implementation looks like OpenID Connect but they don't support a user info endpoint, I'm passing the web back-end the ID token (a JWS) and using that to extract out the user's identity. This is done via a token exchange grant.

Anyway, I needed a way to construct an access token object using the ID token, and found that 1) the docblock on the constructor didn't reflect the true data requirements of the method and 2) it would be helpful to be able to fetch the Apple JWK set outside of the provider.

This PR addresses both points, which I think help make this package more syntactically correct and useful.

Admittedly this is a bit of a drive-by contribution but if this looks good in spirit, I can make whatever adjustments you'd like, e.g. test coverage. I'm not quite sure this requires new coverage?

[patrickbussmann]

Thanks for your pull request @bradjones1. I allowed the actions to run but all tests are failing right now. Can you adjust them please? Thank you.

[bradjones1]

I still intend to loop around on this, just busy building the project that this is used in :joy:

Came back here to note that phpstan failed here b/c the param annotation expects Key[], but that is too strict.

Parameter #1 $keys of class League\OAuth2\Client\Token\AppleAccessToken constructor expects array<Firebase\JWT\Key>, array<string> given.