v1.6

• #437 - renames CryptoToken to JwtAccessToken / use_crypto_tokens to use_jwt_access_tokens
• #447 - Adds a Couchbase storage implementation
• #460 - Rename JWT claims to match spec
• #470 - order does not matter for multi-valued response types
• #471 - Make validateAuthorizeRequest available for POST in addition to GET
• #475 - Adds JTI table definitiion
• #481 - better randomness for generating access tokens
• #480 - Use hash_equals() for signature verification (prevents remote timing attacks)
• #489, #491, #498 - misc other fixes