
feat: Allow JWT signing keys to be shared (closes #4699)#6537

Draft
keeganwitt wants to merge 1 commit into spiffe:main from keeganwitt:too_many_jwks_keys

Conversation

@keeganwitt
Contributor

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality

  • AWS KMS KeyManager server plugin
  • Azure Key Vault KeyManager server plugin
  • GCP KMS KeyManager server plugin
  • Disk KeyManager server plugin

Description of change
Adds the ability to share signing keys between server instances rather than each instance managing its own key pairs, so that the number of keys that will be exposed in the JWKS endpoint is reduced.

Which issue this PR fixes
#4699

keeganwitt force-pushed the too_many_jwks_keys branch 2 times, most recently from 61af2e1 to 705e1fb on January 8, 2026 15:17
Signed-off-by: Keegan Witt <keeganwitt@gmail.com>
@sorindumitru
Collaborator

We've been discussing this a bit, here's a summary of the discussions so far (at least the parts I remember):

  • Since this may require experimenting we'd like to start with just the changes in the AWS keymanager. Once we get some familiarity with this mode, we can extend it to other plugins.
  • We'd like the plugin implementation to be similar for the two different config options (shared and non-shared keys) so that it does not increase the maintenance burden.
  • This may require some changes in other parts of the code. E.g. how key ids are generated. Each server currently generates a random number for its key so I think that even with this you'll get N keys in the bundle. We'll likely have to make it more deterministic, maybe based on the public key.
  • It's unclear how well this will work with removal from the bundle. It may just work, but it might depend on TTLs and on when a certain key starts being used.
  • Some features might not work at all with this, e.g. tainting keys. It would be nice to have some kind of support for this, but it may be hard without the servers communicating between each other.
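The key-id point raised in the comment above (and the goal stated in the PR description, fewer keys in the JWKS bundle) can be shown with a small simulation. The following Go program is an added illustration, not SPIRE's code or anything from this PR: `bundleEntry`, `randomKID`, `deterministicKID`, `publish`, `mergeBundle` and `DistinctKeys` are all constructed here. It models N servers that load one shared ECDSA key pair and publish it to a bundle, first with a random per-server key id and then with an id derived from the public key (SHA-256 of its DER SubjectPublicKeyInfo, a simplification of the RFC 7638 thumbprint idea), and counts how many distinct entries a bundle consumer ends up with.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// bundleEntry is a constructed stand-in for one JWT signing key as a bundle
// consumer sees it: the key id plus the PKIX-encoded public key.
type bundleEntry struct {
	KID  string
	PKIX []byte
}

// randomKID mimics a per-server random key identifier: two servers sharing
// the same key material still produce two different ids.
func randomKID(_ *ecdsa.PublicKey) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// deterministicKID derives the key id from the public key itself: the
// base64url-encoded SHA-256 of its DER SubjectPublicKeyInfo encoding. Every
// server holding the same shared key computes the same id.
func deterministicKID(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// publish is what one server does with the shared key: build its bundle
// entry using the chosen key-id strategy.
func publish(pub *ecdsa.PublicKey, kid func(*ecdsa.PublicKey) (string, error)) (bundleEntry, error) {
	id, err := kid(pub)
	if err != nil {
		return bundleEntry{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return bundleEntry{}, err
	}
	return bundleEntry{KID: id, PKIX: der}, nil
}

// mergeBundle combines entries from several servers the way a bundle
// consumer would: entries with the same key id collapse into one.
func mergeBundle(entries []bundleEntry) []bundleEntry {
	seen := make(map[string]bool)
	var merged []bundleEntry
	for _, e := range entries {
		if !seen[e.KID] {
			seen[e.KID] = true
			merged = append(merged, e)
		}
	}
	return merged
}

// DistinctKeys simulates n servers that all load the same shared key pair and
// returns the merged bundle size under the random and deterministic
// key-id strategies respectively.
func DistinctKeys(n int) (int, int, error) {
	// One shared key pair for all servers, instead of one per server.
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, 0, err
	}
	var withRandom, withDeterministic []bundleEntry
	for i := 0; i < n; i++ {
		r, err := publish(&priv.PublicKey, randomKID)
		if err != nil {
			return 0, 0, err
		}
		d, err := publish(&priv.PublicKey, deterministicKID)
		if err != nil {
			return 0, 0, err
		}
		withRandom = append(withRandom, r)
		withDeterministic = append(withDeterministic, d)
	}
	return len(mergeBundle(withRandom)), len(mergeBundle(withDeterministic)), nil
}

func main() {
	r, d, err := DistinctKeys(3)
	if err != nil {
		panic(err)
	}
	fmt.Printf("3 servers, 1 shared key: random kids -> %d entries, deterministic kids -> %d entry\n", r, d)
}
```

With three servers the random strategy yields three bundle entries for what is physically one key, which is exactly the "N keys in the bundle" outcome the comment predicts; the public-key-derived id yields one. A real implementation would also need the id to stay stable across key rotation so that bundle removal and any TTL-based cleanup keep working, which this simulation does not model.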
