Add support for EdDSA JWT verification and JWKS parsing

[tachiniererin]

What is the underlying problem you're trying to solve?

OPA currently doesn't support verifying JSON Web Signatures based on EdDSA (https://www.rfc-editor.org/rfc/rfc8037.html).

Describe the ideal solution

Ideally OPA would have the same support for EdDSA keysets and signatures same as it does for other algorithms.

Describe a "Good Enough" solution

Parsing keysets containing EdDSA keys and verifying JSON Web Tokens signed with EdDSA.

Additional Context

JWX already supports EdDSA, but I'm unsure how much of a hassle it would be to implement support for EdDSA in OPA. I had a cursory look, and the main issue i could find is that the current algorithms are all HMAC based and EdDSA as defined in https://www.rfc-editor.org/rfc/rfc8037.html#section-3.1 is not. Technically, there's a PureEdDSA and a HashedEdDSA variant defined in https://www.rfc-editor.org/rfc/rfc8032#section-4, but HashedEdDSA doesn't seem to be defined for use in JWS.

[anderseknert]

Since we've vendored the JWX library for some custom requirements, we'd need to bump that dependency and make sure our custom modifications follow along. But if their support is only for HMAC variants, it sounds like we'd need more than that... which admittedly already is a bit of a hassle. If someone is willing to put in the work, a PR would be more than welcome :)

[tachiniererin]

Oh i didn't notice that it's vendored like that, i need to take a second look with that in mind, it might be easier then.

[anderseknert]

Yeah, custom modifications should be made easier, but updates a lot harder since... well, custom modifications :P

[stale]

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.

[sspaink]

resolved: #7824