RFC: Add support for ES256 algorithm

[bshaffer]

Allows verification of EC256 algorithm (see #251).

example:

$http = new GuzzleHttp\Client();
$response = $http->request('GET', 'https://www.gstatic.com/iap/verify/public_key', []);

// Create an array of keys from the gstatic URL
$keys = json_decode((string) $response->getBody(), true);

// Validate the signature using the key set and ES256 algorithm.
try {
    $jwt = FirebaseJWT::decode($jwt, $keys, ['ES256']);
} catch (\Exception $e) {
    return print("Failed to validate JWT: " . $e->getMessage() . PHP_EOL);
}

// Token contains issuer, audience, etc.
assert($jwt->iss == 'https://cloud.google.com/iap');
assert($jwt->aud == $expected_audience);

[bshaffer]

Actually implements support for #239