🐛 Fixed signing key mismatching in JWT/JWKS

refs https://github.com/TryGhost/Team/issues/1640
closes https://github.com/TryGhost/Members/pull/401/
refs https://forum.ghost.org/t/ghost-jwt-question-possible-bug/30210

- Without `keyid` parameter some of the clien libraries were not able to match the signin key to verify JWT
- Missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.

ghost/members-api/lib/services/token.js

@@ -20,6 +20,7 @@ module.exports = class TokenService {
             sub,
             kid: jwk.kid
         }, this._privateKey, {
+            keyid: jwk.kid,
             algorithm: 'RS512',
             audience: this._issuer,
             expiresIn: '10m',