Support for additional claims in the JWT tokens, needed for Google's Identity-Aware Proxy

[kalugny]

Hi and thanks for an excellent package!

We're using Google Cloud's Identity-Aware Proxy (IAP) for which httr is almost compatible.
The only discrepancy is that IAP requires an additional "claim" on the JWT.

This pull requests:

1. Adds support for additional claims on the JWT, which you can pass as additional parameters to oauth_service_token
2. Supports getting the authentication header from the id_token if access_token is not set (which is the case for IAP tokens)

Using this for IAP is now very simple:

token <- oauth_service_token(
  endpoint = oauth_endpoints("google"),
  secrets = jsonlite::fromJSON('/path/to/credentials.json'),
  target_audience = iap_oauth_client_id
)

[kalugny]

This is the google docs for it:
https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_service_account

[kalugny]

@hadley any comments? Should I change something?
It's a simple extension that would support more use-cases.

[hadley]

Can you please add a bullet to the top of NEWS.md? It should briefly describe the change and end with (@yourname, #issuenumber).

[hadley]

Please don't change the version number

[hadley]

Suggested change

	#' @param ... any additional claims for the token.
	#' @param ... Any additional claims for the token.

[hadley]

I think you can remove this line since we're already inheriting docs from jwt_signature?

[hadley]

Using ... here seems a bit broad. I'd think it should be claims or similar?

[hadley]

httr has been superseded in favour of httr2, so is no longer under active development. Thanks for using httr, thanks for contributing, and my apologies that your contribution never made it into the package.