Overview
Currently, CasWAF relies on an embedded certificate for JWT handling during initialisation. CasWAF should support dynamic certificate fetching from a JWKS (JSON Web Key Set) endpoint at runtime.
Use Case Example
The person responsible for deployment sets the environment variable or the corresponding config entry during deployment:
/conf/app.conf
casdoorEndpoint = https://door.example.com
Upon startup, CasWAF fetches the latest keys from the Casdoor endpoint, allowing the deployment to automatically trust tokens signed by the external provider without manual certificate management.
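The key-loading step described above, as an added Go sketch that is not CasWAF's or Casdoor's own code: it parses a JWKS document into RSA verification keys indexed by `kid` and fails closed when no usable key is present. `ParseJWKS` and `SampleJWKS` are hypothetical names, the sample document is constructed locally in place of the endpoint's response, and the RSA-only handling and 2048-bit floor are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// ParseJWKS (hypothetical helper) maps kid -> RSA verification key. Non-RSA or non-signing
// entries are skipped; malformed keys or keys under 2048 bits (assumed floor) are errors.
func ParseJWKS(doc []byte) (map[string]*rsa.PublicKey, error) {
	var set struct{ Keys []struct{ Kty, Kid, Use, N, E string } }
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	keys := make(map[string]*rsa.PublicKey)
	for _, k := range set.Keys {
		if k.Kty != "RSA" || k.Kid == "" || (k.Use != "" && k.Use != "sig") {
			continue // not a key this verifier can use
		}
		n, errN := base64.RawURLEncoding.DecodeString(k.N)
		e, errE := base64.RawURLEncoding.DecodeString(k.E)
		mod, exp := new(big.Int).SetBytes(n), new(big.Int).SetBytes(e)
		if errN != nil || errE != nil || exp.BitLen() > 31 || exp.Int64() < 3 || mod.BitLen() < 2048 {
			return nil, fmt.Errorf("jwks: malformed or weak key %q", k.Kid)
		}
		keys[k.Kid] = &rsa.PublicKey{N: mod, E: int(exp.Int64())}
	}
	if len(keys) == 0 { // fail closed: never start with an empty trust set
		return nil, fmt.Errorf("jwks: no usable RSA signing keys")
	}
	return keys, nil
}

// SampleJWKS builds a constructed JWKS (one EC entry, one RSA entry with e=65537).
func SampleJWKS(kid string, bits int) []byte {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	n := base64.RawURLEncoding.EncodeToString(priv.N.Bytes())
	return []byte(fmt.Sprintf(`{"keys":[{"kty":"EC","kid":"ec"},{"kty":"RSA","use":"sig","kid":%q,"n":%q,"e":"AQAB"}]}`, kid, n))
}

func main() {
	fmt.Println(ParseJWKS(SampleJWKS("k1", 2048)))
}
```

A verifier built on this would select the key by the token's `kid` header and reject tokens whose `kid` is absent from the map.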