Have the validation keys as an IORef

[dnikolovv]

This goes back to #153.

It is very limiting not being able to update the validation keys, as most auth providers (Cognito, Auth0, Firebase) use rotating keys.

This change makes it very straightforward to implement. I saw that there is a (stale?) PR referring to this issue (#169), but I find this approach much less invasive therefore I'm submitting a new one.

Example on how you could use this to implement rotating keys:

getConfig :: IO Config
getConfig = do
 -- ...
 jwtSettings <- initializeJWTSettings

 void . async $
   forever $ do
     newKeys <- getKeys
     writeIORef (validationKeys jwtSettings) newKeys
     threadDelay $ 1000 * 60000 * 60 -- 60 minutes
 -- ...

[dnikolovv]

I was thinking we could even omit the IO via unsafePerformIO to avoid forcing existing users change their code. It should be relatively safe as the only thing we're doing is create a new IORef.

This will make the changes even less invasive (or in most cases invisible).

I guess @jkarni @domenkozar or other maintainers should give their opinion on that.