EdDSA Algorithm Support #11

Open, wants to merge 1 commit into base: main

sundbry commented Oct 17, 2024

Hello @kdubb,

Thank you for maintaining this plugin! This PR adds end-to-end support for the EdDSA signature algorithm using the Ed25519 curve, as specified in RFC 8037. To use it, specify EdDSA as the sig_alg in the config.

Use case: I wanted to use this plugin to manage service account tokens in my cluster. I had a specific requirement that the JWTs use the EdDSA signature algorithm.

Example output:

curl -i http://localhost:8200/v1/jwt/jwks
HTTP/2 200
cache-control: no-store
content-type: application/jwk-set+json
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 294
date: Thu, 17 Oct 2024 22:23:07 GMT

{"keys":[{"use":"sig","kty":"OKP","kid":"_h0PmyOGrVDz_UigcHe8OVD27_o","crv":"Ed25519","alg":"EdDSA","x":"exyyS0587hKfD7tWTZmVj4KykNMnAwGqRckevoM1xm4"},{"use":"sig","kty":"OKP","kid":"dRq7Fm6Zl8YzIwbiJq26sjlZJis","crv":"Ed25519","alg":"EdDSA","x":"O8WwHreDBmCf7RBr3hirBciavQLUFyJ5jbwJuaf3Ewo"}]}

vault write -f /helium-jwt/sign/admin
Key                Value
---                -----
lease_id           jwt/sign/admin/obise6joPAKqgGZg8HeSBS9L
lease_duration     720h
lease_renewable    false
token              eyJhbGciOiJFZERTQSIsImtpZCI6ImRScTdGbTZabDhZekl3YmlKcTI2c2psWkppcyIsInR5cCI6IkpXVCJ9....

kdubb (Contributor) commented Oct 18, 2024

@sundbry Thanks for the PR! Glad to have the help. Can you add tests for the new curve? Specifically, test that it can be configured (options separately if possible), that the public key makes it into the advertised public key list, and anything else you see fit.
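
One way a relying party could check a token against the JWKS shape shown in the PR description (kty OKP, crv Ed25519, alg EdDSA, per RFC 8037), as an added example that is not part of the PR or the plugin's code. The function name VerifyEdDSA, the kid k1 and the throwaway key in main are constructed for illustration; claim checks such as exp are out of scope.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// VerifyEdDSA checks a compact JWS against a JWKS of RFC 8037 OKP keys and returns
// the payload. alg is pinned to EdDSA rather than trusted from the token header.
func VerifyEdDSA(jwks []byte, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWS")
	}
	var hdr struct{ Alg, Kid string }
	raw, err := b64.DecodeString(parts[0])
	sig, serr := b64.DecodeString(parts[2])
	if err != nil || serr != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "EdDSA" {
		return nil, fmt.Errorf("malformed token or alg is not EdDSA")
	}
	var set struct{ Keys []struct{ Kty, Kid, Crv, X string } }
	if err := json.Unmarshal(jwks, &set); err != nil {
		return nil, err
	}
	for _, k := range set.Keys {
		if k.Kid != hdr.Kid || k.Kty != "OKP" || k.Crv != "Ed25519" {
			continue // only an Ed25519 key with the token's kid may verify it
		}
		// The length check runs first: ed25519.Verify panics on a key that is not 32 bytes.
		pub, err := b64.DecodeString(k.X)
		if err != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
			return nil, fmt.Errorf("kid %q: bad public key or signature mismatch", k.Kid)
		}
		return b64.DecodeString(parts[1])
	}
	return nil, fmt.Errorf("no Ed25519 key with kid %q", hdr.Kid)
}

func main() { // constructed demo: a throwaway key stands in for the plugin's signing key
	pub, priv, _ := ed25519.GenerateKey(nil)
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA","kid":"k1"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"admin"}`))
	jwks := `{"keys":[{"kty":"OKP","kid":"k1","crv":"Ed25519","x":"` + b64.EncodeToString(pub) + `"}]}`
	payload, err := VerifyEdDSA([]byte(jwks), in+"."+b64.EncodeToString(ed25519.Sign(priv, []byte(in))))
	fmt.Println(string(payload), err)
}
```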
