refactor(ndi): use jose

[justin-tay]

This refactors the ndi implementation to use jose, add additional logging and fix some bugs.

This should also close #594

[LoneRifle]

lgtm. thanks once again for working on this!

[cflee]

For anyone else coming along and wondering what are the bugs fixed in this refactor PR, aka why their client suddenly broke against mockpass after upgrading from v4.0.8 to v4.0.9, here are what I think are the more material bugs fixed and changes made:

• On the v2 discovery endpoint, the token_endpoint_auth_signing_alg_values_supported and id_token_encryption_enc_values_supported now match the current values on NDI's endpoints and have multiple values; previously, they only had a single value.
• On the v2 token endpoint, the value of client assertion JWS header alg is now checked against the list of accepted algorithms as declared in token_endpoint_auth_signing_alg_values_supported; previously, it was not checked.
• On the v2 token endpoint, the presence of the client assertion JWS header typ key is now checked; previously, the presence was not checked.
• On the v2 token endpoint, the ID token JWE now uses the encryption method A256CBC-HS512 as declared in id_token_encryption_enc_values_supported; previously, it was using A128CBC-HS256, which was mismatching what was expected based on the discovery endpoint.
• On the v2 token endpoint, the ID token JWE is now encrypted to the appropriate RP key selected using the NDI-specified logic; previously, it was encrypting to the first encryption key found.
• On the v2 token endpoint, for some error responses, response status 401 is now used instead of 400.

If there are any other bugs that are known to be fixed, or if any of these are wrong, please correct me!