feature: pem certificate support

[Alexey-N-Chernyshov]

Adds CERTIFICATE tag for pem files.
RSA tests were extended with certificates.
Self-signed certificates were generated:

# openssl req -new -key private.pem -out certificate.csr 
# openssl x509 -req -days 358000 -in certificate.csr -signkey private.pem -out certificate.crt

certificate.crt files may be checked at https://www.sslchecker.com/certdecoder

[rib]

Thanks this looks good to me, with just one comment about whether it's really valid to differentiate between pkcs#1 and pkcs#8 for these certificates vs just referring to them as "pem".

I'll also link to this issue: Keats/jsonwebtoken#259 and this PR Keats/jsonwebtoken#274 with equivalent changes that help add relevant context here.

[Alexey-N-Chernyshov]

I there anything you want me to change in this PR?

[rib]

I there anything you want me to change in this PR?

Is there a practical difference between round_trip_sign_verification_certificate_pem_pkcs1 and round_trip_sign_verification_certificate_pem_pkcs8 apart from testing with different certificate data?

As I understand it they test the same thing (it doesn't really matter that the input keys to create the certificates were in pkcs1 vs pkcs8?).

If that's the case then we can remove one of the tests and just add a single .crt and .csr pair.

[Alexey-N-Chernyshov]

I removed the test, but left the name certificate_rsa_pkcs1 to indicate it is generated with rsa_pkcs1 keys.

[Alexey-N-Chernyshov]

Can I ask you to make a release when the PR is merged?

[rib]

Thanks this looks good to me.

Yeah, I'm travelling at the moment but will try to spin a release after merging this.

I'd like to add a CHANGELOG and double check that it's only a semver patch bump.

Since it looks like the libs team came to a good conclusion here rust-lang/rust#103763 (comment) then I'm also inclined to revert back to simply using Arc::ptr_eq here:

jsonwebtokens/src/verifier.rs

Line 60 in a0969ae

// WARNING:

(and disable the clippy warning)