
Create a standalone authorization service and associated provider

Nick Sullivan edited this page Oct 13, 2015 · 1 revision

The current auth provider in CFSSL uses a single static key, which makes the credential difficult to rotate if that key is compromised. CFSSL should support a token-based authorization system so that authorization credentials can be tied to specific end-entities and time-boxed.

Setting up an authorization service that uses JSON Web Tokens (https://en.wikipedia.org/wiki/JSON_Web_Token) and asymmetric keys would be a reasonable choice.
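As an added illustration of the shape such a service could take (this is example code written for this page, not CFSSL's code and not the wiki author's), the following uses only the Go standard library: the authorization service signs a JWT with an ECDSA P-256 private key (JWS alg ES256) and the consumer, for instance the signing endpoint, verifies it with the matching public key. The token is tied to one end-entity through `sub`, to one consumer through `aud`, and time-boxed through `iat`/`exp`. Rotation is handled by a `kid` header and a map of trusted public keys on the verifier: a new key is added under a new `kid`, new tokens are issued with it, and the old `kid` is dropped once every token it signed has expired. The key id `2015-10-a`, the audience `cfssl-sign` and the subject `web-frontend-01` are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Claims is the constructed token payload: bound to one end-entity (sub) and
// one consumer (aud), and valid only inside the iat..exp window.
type Claims struct {
	Subject   string `json:"sub"`
	Audience  string `json:"aud"`
	IssuedAt  int64  `json:"iat"`
	ExpiresAt int64  `json:"exp"`
}

// header names the algorithm and the service key (kid) that signed the token.
type header struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"`
}

// IssueToken runs on the authorization service: it signs header.payload with
// the service's P-256 private key (JWT alg ES256).
func IssueToken(priv *ecdsa.PrivateKey, kid string, c Claims) (string, error) {
	hb, _ := json.Marshal(header{Alg: "ES256", Kid: kid}) // fixed structs cannot fail to marshal
	pb, _ := json.Marshal(c)
	signingInput := base64.RawURLEncoding.EncodeToString(hb) + "." + base64.RawURLEncoding.EncodeToString(pb)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	// JWS encodes an ES256 signature as fixed-width R||S (32 bytes each), not ASN.1.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyToken runs on the consumer and needs only public keys. keys maps kid to the
// keys currently trusted; rotation adds a new kid and retires the old one after its tokens expire.
func VerifyToken(keys map[string]*ecdsa.PublicKey, token, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var h header
	if hb, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &h) != nil {
		return nil, errors.New("bad header")
	}
	// The verifier pins the algorithm; the token must not be allowed to choose it.
	if h.Alg != "ES256" {
		return nil, fmt.Errorf("unexpected alg %q", h.Alg)
	}
	pub, ok := keys[h.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown or retired key id %q", h.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature invalid")
	}
	// Only a signature-checked payload is parsed and evaluated.
	var c Claims
	if pb, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if c.Audience != wantAud {
		return nil, fmt.Errorf("token issued for audience %q, not %q", c.Audience, wantAud)
	}
	if t := now.Unix(); t < c.IssuedAt || t >= c.ExpiresAt {
		return nil, errors.New("token outside its validity window")
	}
	return &c, nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // demo only: errors ignored
	now := time.Now()
	tok, _ := IssueToken(priv, "2015-10-a", Claims{Subject: "web-frontend-01", Audience: "cfssl-sign",
		IssuedAt: now.Unix(), ExpiresAt: now.Add(10 * time.Minute).Unix()})
	c, err := VerifyToken(map[string]*ecdsa.PublicKey{"2015-10-a": &priv.PublicKey}, tok, "cfssl-sign", now)
	fmt.Printf("%+v %v\n", c, err)
}
```

Two ordering choices matter for a verifier like this: the algorithm is fixed on the verifying side rather than read from the token, and the payload is only decoded and evaluated after the signature over it has checked out. Because consumers hold only public keys, a compromise of a consumer never exposes the issuing key, which is the property the static shared key lacks.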