feat: generate jwt tokens from signing key

[sweatybridge]

What kind of change does this PR introduce?

feature

What is the new behavior?

• Generates local anon and service role keys from signing key.
• Resolves only public keys when injecting to services.

Additional context

TODO:

• handle multiple standby keys

[coveralls]

Pull Request Test Coverage Report for Build 16976524820

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 11 of 13 (84.62%) changed or added relevant lines in 1 file are covered.
• 391 unchanged lines in 14 files lost coverage.
• Overall coverage decreased (-0.5%) to 54.808%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/gen/signingkeys/signingkeys.go	11	13	84.62%

Files with Coverage Reduction	New Missed Lines	%
internal/storage/rm/rm.go	2	80.61%
internal/gen/keys/keys.go	5	12.9%
internal/branches/list/list.go	7	0.0%
internal/db/diff/pgschema.go	12	0.0%
internal/db/pull/pull.go	15	79.49%
internal/db/diff/diff.go	18	69.34%
cmd/root.go	21	0.0%
internal/branches/get/get.go	22	0.0%
internal/db/diff/migra.go	28	53.33%
internal/utils/flags/db_url.go	28	61.49%

Totals
Change from base Build 16677900504:	-0.5%
Covered Lines:	6196
Relevant Lines:	11305

---

💛 - Coveralls

[hf]

Pushing a signing key is OK but it should come with a huge warning that the security of the key relies on the security of the device and person making the push.