JSON Web Keys

The OpenID specification requires a JWKs endpoint to list public keys that can verify ID tokens.

TODO: Expand this with how the keys should be generated/rotated, where they're stored, what format.