Enhancement: Reduce verify latency w/ cache-control

[kestred]

For high-volume sign-ins, Google recommends caching their client certificate according to cache-control headers on the HTTPS request used to fetch them.

We should switch the main verify function to use this flow instead of the slower "debug" flow using the tokenid endpoint.

See https://developers.google.com/identity/sign-in/web/backend-auth for more details.

[SeanOMik]

Wasn't this implemented with #4? Or maybe I'm misunderstanding what #4 actually did