Add InvalidSignature exception

[MarkusH]

Right now the jws.decode() method raises a DecodeError when the signature verification failed. I would like to propose adding a dedicated InvalidSignatureError or SignatureVerificationError exception class.

The reasoning behind this: I'd like to implement a key-rotating feature that checks for one key and if the signature verification fails checks for the other key. The claims, algorithm, and whatnot still need to be validated. The only solution I see right now is catching the DecodeError and checking for e.args[0] == 'Signature verification failed' which feels super dirty.

Please let me know what you think about this. I'm happy to provide the corresponding backward compatible patch.

[jpadilla]

@MarkusH I'm +1 on raising an InvalidSignatureError there.

[MarkusH]

Sweet, I'll get on it tomorrow :)

[MarkusH]

I opened PR #316.