Harden constitution validation for JWT, CA, and member keys

[Copilot]

Constitution validators accepted weak or malformed security inputs, including unsafe JWKS metadata, non-HTTPS JWT issuers, non-CA TLS trust anchors, and unchecked member encryption keys. This tightens validation using the existing JS crypto surface where available.

• JWKS validation
  • Require unique kid values.
  • Restrict kty to RSA or EC.
  • Restrict use to sig.
  • Restrict alg to supported signing algorithms (RS256, ES256).
  • Validate RSA/EC public key parameters, including P-256, P-384, and P-521 EC curves, and reject weak RSA keys.
  • Validate x5c certificate chains to the provided root.

checkEnum(jwk.kty, ["RSA", "EC"], `${keyField}.kty`);
checkEnum(jwk.alg, jwk.kty === "RSA" ? ["RS256"] : ["ES256"], `${keyField}.alg`);
checkEnum(jwk.use, ["sig"], `${keyField}.use`);

• JWT issuer validation

  • Require all JWT issuers to be HTTPS URLs.
  • Reject issuers with query strings or fragments, regardless of auto_refresh.

• CA bundle validation

  • set_ca_cert_bundle now requires certificates that validate as CA trust anchors, not merely parseable PEM.

• Member encryption key validation

  • set_member now validates encryption_pub_key as a well-formed RSA public key with minimum strength before storing it.

• P-521 support

  • Added P-521 JWK/PEM curve mapping support in the existing crypto surface used by validation.
  • Extended related JS crypto and C++ crypto tests for P-521 coverage.

• Coverage updates

  • Added focused governance validation cases for rejected JWT issuer/JWKS inputs.
  • Added rejection coverage for non-CA certificate bundles.
  • Updated JWT test certificate generation and docs to satisfy stricter validation.

[achamayou]

@copilot add a relevant changelog entry

[Copilot]

@copilot add a relevant changelog entry

Added the changelog entry in bdfdd14.