Add examples to documentation on how to decode private keys with passphrases

[mark-adams]

The current API supports either passing in an unencrypted RSA key in PEM format or passing in a PublicKey / PrivateKey from cryptography. A common feature request has been to add the ability to accept a passphrase for encrypted keys as an argument to encode() or decode() but we've decided against that to avoid cluttering the API further.

Since the existing API supports passing in PublicKey and PrivateKey objects, we probably should document how to create PublicKey / PrivateKey objects using cryptography with passphrases so users of the library can reference the examples and use similar application code when interacting with PyJWT.

[desertkun]

from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.primitives import serialization

# how to load private key with passphrase
with open(private_key_file, "rb") as f:
    private_key = serialization.load_pem_private_key(
        f.read(), password=password.encode(), backend=backend)

token = jwt.encode(..., private_key, ...)

# how to load public key
with open(public_key_file, "rb") as f:
    public_key = serialization.load_pem_public_key(
        f.read(), backend=backend)

# decode back
header = jwt.get_unverified_header(token)
# ... figure out algorithm you need ...
data = jwt.decode(token, public_key, algorithms=alg)

[rayluo]

@mark-adams @jpadilla The rationale in this comment of issue 199 makes sense, and we now need to formally document it into here. Do you have any specific comment on @desertkun 's attempt above? I can make it a PR for you to review.

[rayluo]

@jpadilla This issue can be closed now, since we merged in #525?