This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Enhance JWT support to include configurable audience and issuer #7818

Closed
lampholder opened this issue Jul 10, 2020 · 0 comments · Fixed by #7827
Labels
z-auth (Deprecated Label) z-feature (Deprecated Label)

@lampholder
Member

The existing support cannot be configured to validate the JWT audience or issuer fields.

IIUC the default behaviour for pyjwt when decoding a JWT which includes an audience claim is to raise an error if that audience claim isn't validated. The end result is - our JWT support doesn't work for JWTs which include an audience claim today.

I'd like us to enhance our JWT processing to support:

  • configurable iterable of audiences (audiences are strings; I ask for the ability to supply a set of these at configuration time because pyjwt supports it, not because I know of anybody who needs us to validate on multiple audiences)
  • configurable issuer (issuer is also a string)

If these values are set in configuration we should include them in the call to jwt.decode.

audiences and issuer should be optional.

How the configuration might look when we're done:

```yaml
jwt_config:
    enabled: true
    secret: "my-secret-token"
    algorithm: "HS256"
    issuer: "example.com"
    audiences:
        - "d145b65e-b2df-48d7-8681-7f40a4a09b5b"
        - "12bf4443-85f2-4a27-b810-9878574fd039"
```
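An added example, not part of the original issue and not Synapse's or pyjwt's code: a standard-library HS256 verifier that spells out the optional `issuer` and `audiences` checks requested above, including rejection of a token that carries `aud` when no audiences are configured. The function names, the `sub` claim and the token are constructed for illustration; expiry checks are outside what it shows.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: str, head: str, body: str) -> bytes:
    return hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: str) -> str:
    """Build a constructed HS256 token to use as sample input."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_mac(secret, head, body))}"

def validate(token: str, cfg: dict) -> dict:
    """Check the signature, then apply issuer/audiences only if configured."""
    head, body, sig = token.split(".")
    # Pin the algorithm to the configured one; never trust the header alone.
    if cfg["algorithm"] != "HS256" or json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_mac(cfg["secret"], head, body), _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    issuer = cfg.get("issuer")  # optional setting
    if issuer is not None and claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")  # may be a single string or a list of strings
    aud = [aud] if isinstance(aud, str) else aud
    wanted = cfg.get("audiences")  # optional setting
    if wanted is None:
        # The failure described in the issue: aud present, nothing to check it against.
        if aud is not None:
            raise ValueError("token has aud but no audiences configured")
    elif not set(aud or []) & set(wanted):
        raise ValueError("audience mismatch")
    return claims

# Configuration values taken from the proposal above; the token is constructed.
BASE = {"secret": "my-secret-token", "algorithm": "HS256"}
FULL = dict(BASE, issuer="example.com", audiences=[
    "d145b65e-b2df-48d7-8681-7f40a4a09b5b",
    "12bf4443-85f2-4a27-b810-9878574fd039"])
TOKEN = sign_hs256({"sub": "alice", "iss": "example.com",
                    "aud": "d145b65e-b2df-48d7-8681-7f40a4a09b5b"}, BASE["secret"])
```

`validate(TOKEN, BASE)` is rejected because nothing is configured to check `aud` against, while `validate(TOKEN, FULL)` returns the claims.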