- Unintended errors in code should be 500
- Non Http custom exceptions should be 500
- Handled exceptions should use handler (and be 418 in this case)

But all of them are reported as 401 Unauthorized even
when the entrypoint does not requires authorization.

I added a case of exception that should be handled:
as auth errors: jwt validation errors

Using same approach as expiration check,
but maybe it should be a HttpException in order
to be properly handled both by fastapi and users.

Also unexpected errors are not transformed to
500 either on the test setup. Maybe because we are
not using Fastapi TestClient.

- Removed the generic error handling in __call__()
- Introduced specific error handling inside authenticate()
  for jwt decoding.
    - One use of jwt is in token generation in core,
      but in this case it won't be a authorization error
      but maybe a configuration one, we should see
      the details in logging or debugging platforms.
- For sure, other authorization errors caught previously
  as Exception now run on the wild.
  Review required on that.

That is:
- raising starlette.authentication.AuthenticationError
- providing an on_error callback turning starlet 400 into 401
  to keep same api
- letting the user provide their own on_error when instantiating
  the middleware.

- Use `default_on_error` instead of defining new one