product-is
Need to document that WSO2 IS does not support HMACSHA256 for signature algorithms.
Describe the improvement
WSO2 IS does not support signing with HMAC SHA (SHA-256, SHA-384, SHA-512) and signing with ECDSA (SHA-256, SHA-384, SHA-512) OOTB. ID tokens and JWT tokens do not support these signature algorithms.
This blog [4] says that IS supports the HMAC algorithm for ID token signatures. This also needs to be corrected. If someone wants to support HMAC or ECDSA, they need to write some extensions to support it.
We need to have a doc similar to this [6].
[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v6.4.122/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L390
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v6.4.122/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L399
[3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v6.4.122/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L2356
[4] https://wso2.com/blogs/thesource/2019/11/quick-intros-to-json-and-jwt-exclusively-for-cat-lovers/
[5] https://github.com/lahirus/oauth-hmac-extension/blob/master/src/main/java/com/sample/lahiru/wso2/hmac/oauth/OAuthHMACTokenIssuer.java
[6] https://apim.docs.wso2.com/en/latest/learn/api-security/oauth2/securing-oauth-token-with-hmac-validation/#securing-oauth-token-with-hmac-validation