jti replay protection should be optional

[philhug]

When using jwtproxy as a generic oauth2-proxy which verifies access tokens, a client will reuse the same access token it received from the IdP as long as it remains valid.

I can prepare a PR if this sounds reasonable to you.

[mshaposhnik]

A strong +1 for that...

[mikelduke]

I made a new storage type for none to disable the jti nonce storage and always pass verification.

I submitted a PR with this which will allow for jwt reuse.