Expose this server's keys on a JWKS endpoint

Jamie Tanna requested to merge feature/jwks into develop

To allow consumers to validate the signature of their tokens, which are currently JSON Web Tokens, we can produce a JWKS Endpoint, as a step towards #376.

This also adds it to the OAuth Server Metadata to allow well-formed discovery and consumption of the JWKS URI.

We also remember to provide the correct content-type of the response, and validate that we can negotiate it.

To be especially sure it works, we can configure Nimbus to validate a JWS that we are issued with the JWKS endpoint, ensuring that it definitely works.
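A check a reviewer or consumer could run against such an endpoint, as an added example that is not code from this merge request or the project. It assumes the endpoint serves the RFC 7517 media type `application/jwk-set+json` and that the metadata follows RFC 8414 (`jwks_uri`, https only); the function name, URL and sample documents are constructed for illustration.

```python
import json

JWKS_MEDIA_TYPE = "application/jwk-set+json"  # registered in RFC 7517
# Private-key members (RFC 7518): RSA d/p/q/dp/dq/qi/oth, EC and OKP d, oct k
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

# Constructed sample data; key values are placeholders, not real key material.
SAMPLE_URL = "https://auth.example.com/jwks"
SAMPLE_METADATA = {"issuer": "https://auth.example.com", "jwks_uri": SAMPLE_URL}
GOOD_BODY = json.dumps({"keys": [
    {"kty": "RSA", "kid": "k1", "use": "sig", "n": "AQAB", "e": "AQAB"}]})
BAD_BODY = json.dumps({"keys": [
    {"kty": "RSA", "kid": "k1", "n": "AQAB", "e": "AQAB", "d": "AQAB"}]})


def check_jwks_exposure(metadata, jwks_url, content_type, body):
    """Return a list of problems in a JWKS response and its metadata entry."""
    problems = []
    if metadata.get("jwks_uri") != jwks_url:
        problems.append("metadata jwks_uri does not point at the JWKS endpoint")
    if not jwks_url.startswith("https://"):
        problems.append("jwks_uri is not served over https")
    # Ignore parameters such as charset when comparing the media type.
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != JWKS_MEDIA_TYPE:
        problems.append(f"unexpected content type: {media_type}")
    try:
        keys = json.loads(body).get("keys")
    except (ValueError, AttributeError):
        return problems + ["body is not a JSON object"]
    if not isinstance(keys, list) or not keys:
        return problems + ["JWKS has no 'keys' array"]
    seen = set()
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            problems.append(f"key #{i}: not a JSON object")
            continue
        kid = key.get("kid")
        label = kid or f"#{i}"
        # A public endpoint must never publish private or symmetric material.
        leaked = sorted(PRIVATE_MEMBERS & key.keys())
        if leaked or key.get("kty") == "oct":
            problems.append(f"key {label}: secret material exposed: {leaked}")
        # Consumers select the verification key by kid, so it must be unique.
        if not kid or kid in seen:
            problems.append(f"key {label}: missing or duplicate kid")
        seen.add(kid)
    return problems
```

An empty list means the response passed every check; each string in a non-empty list names one finding.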