Because of the random ordering of HashMap, if you have
overlapping token permissions, it is possible to randomly pick
one that leads to some operation working intermittently (see
https://github.com/zhaofengli/attic/issues/133 for an example of this).
By using an IndexMap instead, we make "iteration order of the key-value
pairs [...] independent of the hash values of the keys" (from the
indexmap crate docs [1]), which leads to more predictable behavior.
[1]: https://docs.rs/indexmap/latest/indexmap/
This effectively reverts commit 3e0b65a4c3.
Because jwt_simple doesn't have a unified type / trait that allows
signature and verification, I had to add a SignatureType enum to
approximate that.
