wip/rib/aud-string-arrays verifier: allow string or array 'aud' claims

Previously we were asserting that any 'aud' claim must be a string but
RFC 7519 states that it may be a string or an array:

4.1.3:

"In the general case, the "aud" value is an array of case-sensitive
strings, each containing a StringOrURI value. In the special case when
the JWT has one audience, the "aud" value MAY be a single case-sensitive
string containing a StringOrURI value."

This relaxes the built-in verification of standard claims done by
jsonwebtokens to allow an aud claim to also be an array of strings.

This adds a new string_or_array_contains() verifier that can be used to
assert that a given claim is either a string or an array of strings and
checks that the claim either equals a given string value or
contains a given string value.

The .audience() verifier is now a convenience wrapper for:

.string_or_array_contains("aud", "value")

This adds unit tests for the new functionality.

Fixes #13

Robert Bragg

Push event #18 passed
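
The string-or-array check described in the commit message above, as an added Rust sketch that is not the jsonwebtokens code: the `Claim` enum, `AudError` and this free-standing `string_or_array_contains` function are assumptions standing in for the crate's JSON value and verifier types. This sketch treats an array holding any non-string element as a type error even when another element matches.

```rust
// Added illustration. `Claim`, `AudError` and this free function are
// stand-ins defined here, not the jsonwebtokens crate's own types or API.
#[derive(Debug, Clone, PartialEq)]
enum Claim {
    Str(String),
    Array(Vec<Claim>),
    Number(i64),
}

#[derive(Debug, PartialEq)]
enum AudError {
    Missing,   // claim not present in the token
    WrongType, // neither a string nor an array of strings
    NoMatch,   // well-formed, but the expected value is absent
}

fn string_or_array_contains(
    claims: &[(&str, Claim)],
    name: &str,
    expected: &str,
) -> Result<(), AudError> {
    let claim = claims
        .iter()
        .find(|(k, _)| *k == name)
        .map(|(_, v)| v)
        .ok_or(AudError::Missing)?;
    match claim {
        // Single-audience special case: exact, case-sensitive comparison.
        Claim::Str(s) if s.as_str() == expected => Ok(()),
        Claim::Str(_) => Err(AudError::NoMatch),
        // General case: every element must be a string, one must match.
        Claim::Array(items) => {
            let mut found = false;
            for item in items {
                match item {
                    Claim::Str(s) => found |= s.as_str() == expected,
                    _ => return Err(AudError::WrongType),
                }
            }
            if found { Ok(()) } else { Err(AudError::NoMatch) }
        }
        _ => Err(AudError::WrongType),
    }
}

fn main() {
    // Constructed sample claim set, as decoded from a token payload.
    let aud = Claim::Array(vec![Claim::Str("api".into()), Claim::Str("web".into())]);
    println!("{:?}", string_or_array_contains(&[("aud", aud)], "aud", "web"));
}
```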
