feat: generate jwt tokens from signing key

[sweatybridge]

What kind of change does this PR introduce?

feature

What is the new behavior?

• Generates local anon and service role keys from signing key.
• Refactors JWT struct in preparation for updating signing keys with config push.

Additional context

TODO:

• handle multiple standby keys

[coveralls]

Pull Request Test Coverage Report for Build 16906932911

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 11 of 13 (84.62%) changed or added relevant lines in 1 file are covered.
• 272 unchanged lines in 11 files lost coverage.
• Overall coverage decreased (-0.5%) to 54.799%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/gen/signingkeys/signingkeys.go	11	13	84.62%

Files with Coverage Reduction	New Missed Lines	%
internal/gen/keys/keys.go	5	12.9%
internal/branches/list/list.go	7	0.0%
internal/db/diff/pgschema.go	12	0.0%
internal/db/diff/diff.go	18	69.34%
cmd/root.go	21	0.0%
internal/branches/get/get.go	22	0.0%
internal/start/start.go	26	64.83%
internal/db/diff/migra.go	28	53.33%
internal/utils/flags/db_url.go	28	61.49%
internal/bootstrap/bootstrap.go	49	29.18%

Totals
Change from base Build 16677900504:	-0.5%
Covered Lines:	6201
Relevant Lines:	11316

---

💛 - Coveralls

[hf]

Pushing a signing key is OK but it should come with a huge warning that the security of the key relies on the security of the device and person making the push.