Optional background thread for JWKS refresh #191

@bbockelm

It stinks to pause a verification for a refresh, especially if the JWKS server took that exact second to respond slowly.

The library should have an optional background thread (enabled / disabled by invoking an appropriately-named keycache_* function).

This should default to off but, based on the library config at load time (in issue #189 we will provide a new way to manipulate config), it can be turned on. If enabled at load time, the thread launches at load time. If enabled after load - but before the first verify (using a once flag) - it will launch on first verify. A condition variable should be used to allow the thread to gracefully wake and shut down when it isn't refreshing. At library unload (or when the public API to stop the background thread is invoked), the thread should be shut down.

The main loop of the background thread should be to wake up every N milliseconds, iterate through every known issuer and, if the next update is within M milliseconds, try to refresh the JWKS. N and M should be configurable, defaulting to 60000 (60 seconds) and 600000 (10 minutes).

An integration test should be provided that reduces the values N and M so the test observes the refreshes.

In future work, we will keep monitoring statistics and count the number of successful and failed background refreshes.
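
The refresh loop described in this issue, as an added C++ example that is not code from the issue or the library: the class name, the `fetch` callback and `track()` are hypothetical, and only N, M, the once flag and the condition variable come from the description.

```cpp
// Added example; every name here is hypothetical, not the library's API.
#include <atomic>
#include <chrono>
#include <condition_variable>
#include <functional>
#include <map>
#include <mutex>
#include <string>
#include <thread>
#include <utility>
using Clock = std::chrono::steady_clock; using Ms = std::chrono::milliseconds;
class JwksRefresher {
  public:
    // fetch(issuer) downloads the JWKS and returns its next-update time; throws on failure.
    using Fetch = std::function<Clock::time_point(const std::string &)>;
    JwksRefresher(Ms n, Ms m, Fetch f) : interval_(n), threshold_(m), fetch_(std::move(f)) {}
    ~JwksRefresher() { stop(); }
    void track(const std::string &issuer, Clock::time_point next_update) {
        std::lock_guard<std::mutex> lk(mu_);
        next_update_[issuer] = next_update;
    }
    // Callable from every verify: the once flag launches the thread a single time.
    void start() { std::call_once(once_, [this] { worker_ = std::thread([this] { loop(); }); }); }
    void stop() {
        { std::lock_guard<std::mutex> lk(mu_); stopping_ = true; }
        cv_.notify_all();
        if (worker_.joinable()) worker_.join();
    }
    int refreshed() const { return ok_.load(); } int failed() const { return failed_.load(); }
  private:
    void loop() {
        std::unique_lock<std::mutex> lk(mu_);
        // wait_for returns true once stop() sets stopping_, so shutdown never waits out N.
        while (!cv_.wait_for(lk, interval_, [this] { return stopping_; })) {
            auto snapshot = next_update_;
            lk.unlock();  // never hold the cache lock across network I/O
            for (const auto &kv : snapshot) {
                if (kv.second - Clock::now() > threshold_) continue;  // not due within M
                try { track(kv.first, fetch_(kv.first)); ++ok_; }
                catch (...) { ++failed_; }  // cached keys stay in use until they expire
            }
            lk.lock();
        }
    }
    Ms interval_, threshold_; Fetch fetch_;
    std::mutex mu_; std::condition_variable cv_; std::once_flag once_; std::thread worker_;
    bool stopping_ = false; std::map<std::string, Clock::time_point> next_update_;
    std::atomic<int> ok_{0}, failed_{0};
};
```

A slow `fetch` delays `stop()` until the in-flight request returns, so the callback should carry its own network timeout.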
