Extend JWS to support Key ID.
Imported from https://youtrack.roxen.com/issue/PIKE-37
Reported by @grubba
Blocked by PIKE-38
ACME draft 7 6.2:
JWS objects sent in ACME requests MUST meet the following additional criteria: o The JWS MUST NOT have the value "none" in its "alg" field o The JWS MUST NOT have a Message Authentication Code (MAC)-based algorithm in its "alg" field o The JWS Protected Header MUST include the following fields: Barnes, et al. Expires December 23, 2017 [Page 9] Internet-Draft ACME June 2017 * "alg" (Algorithm) * "jwk" (JSON Web Key, only for requests to new-account and revoke-cert resources) * "kid" (Key ID, for all other requests) * "nonce" (defined in Section 6.4 below) * "url" (defined in Section 6.3 below) The "jwk" and "kid" fields are mutually exclusive. Servers MUST reject requests that contain both. For new-account requests, and for revoke-cert requests authenticated by certificate key, there MUST be a "jwk" field. For all other requests, there MUST be a "kid" field. This field must contain the account URL received by POSTing to the new-account resource.