FAPI2 RP: Allow clients that to not validate id token signature to certify
As discussed in https://bitbucket.org/openid/fapi/issues/522/optional-id-token-signature-validation-for, it is optional for clients to validate the id token returned from the token endpoint.
We should make sure that clients can certify in this situation.