
Canonical JWT encoding

Open yfuruyama opened this issue 10 years ago • 0 comments

From Perl v5.18, the key order of a hash is randomized, and two JSON-encoded strings may be different even if they come from the same hash structure.

Encoding to JWT has the same problem.

#!/usr/bin/env perl
use v5.18;
use JSON::WebToken;

# Encode the same three claims three times; with randomized hash
# ordering, each iteration may serialize the keys in a different order.
for (1..3) {
    my $claims = {
        sub => '1234',
        iss => 'dave',
        aud => 'tom',
    };

    say encode_jwt $claims, 'secret';
}

This simple sample code says

eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJ0b20iLCJzdWIiOiIxMjM0IiwiaXNzIjoiZGF2ZSJ9.bajTuYDNPetfv_Zb3OGDgSutIDq5HY6aKC9H9y1PfD4
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0IiwiaXNzIjoiZGF2ZSIsImF1ZCI6InRvbSJ9.z2lVlConVX2YKT7xrpe4EE7IneVQTFcRjtqPxpT_xjM
eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkYXZlIiwic3ViIjoiMTIzNCIsImF1ZCI6InRvbSJ9.104dgCS4l4l49igJ4Z07PA3hVp_AGQmdTRe5uB2h2Kc

Encoding results are completely different even if they have the same claims.

The JWT spec doesn't refer to the above, but I think the same JWT claims should have exactly the same JWT string.

This pull-req is intended to fix that problem by using canonical JSON encoding.

yfuruyama avatar Nov 14 '14 06:11 yfuruyama
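As an added illustration of the problem described in this issue (not part of the issue or of JSON::WebToken), the same mechanism in Python: a minimal HS256 encoder fed the same claims in three insertion orders, with and without canonical (sorted-key) serialization, plus a verifier showing that every variant still validates to the same claims. The secret, the claims and the header are taken from the issue's sample; the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"secret"  # sample key from the issue's example


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def encode_hs256(claims: dict, secret: bytes, canonical: bool) -> str:
    """Build an HS256 JWT. canonical=True sorts object keys before
    serializing, so the payload bytes no longer depend on the order the
    claims were inserted in (the fix this issue proposes)."""
    def dumps(obj):
        return json.dumps(obj, sort_keys=canonical, separators=(",", ":"))
    header = b64url(dumps({"alg": "HS256"}).encode())
    payload = b64url(dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def decode_hs256(token: str, secret: bytes) -> dict:
    """Verify the HMAC and return the parsed claims. Consumers must compare
    parsed claims, never token strings, since equal claims may yield
    different (equally valid) tokens when encoding is not canonical."""
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def distinct_tokens(canonical: bool) -> set:
    """Same three claims inserted in three different orders, mimicking
    Perl 5.18's randomized hash order. Returns the set of tokens produced."""
    orders = [("sub", "iss", "aud"), ("aud", "sub", "iss"), ("iss", "aud", "sub")]
    values = {"sub": "1234", "iss": "dave", "aud": "tom"}
    return {encode_hs256({k: values[k] for k in order}, SECRET, canonical)
            for order in orders}


if __name__ == "__main__":
    print(len(distinct_tokens(False)), "distinct non-canonical tokens")  # 3
    print(len(distinct_tokens(True)), "distinct canonical tokens")       # 1
```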