Secure connection to OnlyOffice using a JSON Web Token (JWT)

[ldubost]

It seems onlyoffice has a JWT Token configuration which would allow to limit usage of an Onlyoffice server to specific users:

Local install:
See https://api.onlyoffice.com/editors/signature/

Docker version:
https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx
See
JWT_ENABLED: Specifies the enabling the JSON web token validation by ONLYOFFICE Docs. Defaults to false.
JWT_SECRET: Defines the secret key to validate the JSON web token in the request to ONLYOFFICE Docs. Defaults to secret.
JWT_HEADER: Defines the HTTP header that will be used to send the JSON web token. Defaults to Authorization.
JWT_IN_BODY: Specifies the enabling the token validation in the request body to the ONLYOFFICE Docs. Defaults to false.

This token can be passed by session in header or in body:
https://api.onlyoffice.com/editors/signature/request
https://api.onlyoffice.com/editors/signature/body

We should check if we can implement this.

[trrenty]

The issue was fixed as a result of #40 . Now, the JWT_SECRET needs to be filled in the administration section in order to support only office document servers that have JWT enabled.

I created #42 as an extension to this issue.