Add new authenticated /getSignatures endpoint

[Marketen]

To safely share stored signatures with third parties, we can implement a private endpoint to retrieve signatures. This new endpoint should be a POST request with the following json body:

{
    "network": <string>,
    "tag": <string>,
    "hours": <int>
}

The /getSignatures endpoint filters and returns all signatures that are newer than the specified number of hours old and belong to validators with the given network and tag.

Authentication
The /getSignatures endpoint should not be accessible by anyone. It is protected by an authentication middleware that uses JWT tokens.

How authentication works

• A JWT token, such as eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IkpvaG5Eb2UiLCJleHAiOjE3MTY5OTk5OTksImlzcyI6InRlc3QtYXBwIn0.VB7fHy0c0YXwG0V9hHBK0Hrft0hCVxZ70hBRGMbXodg, is signed with a private key.

• The API service reads from a /jwt directory where 256-bit secret keys for the allowed JWT tokens are stored. Each key is in a file named according to the tag it is allowed to access. For example, the secret key for stader's JWT is stored in /jwt/stader.

• The caller must include an "Authorization" header with the value Bearer <jwtToken> when asking for /getSignatures

• When /getSignatures is called by stader, the API checks if stader's private key is inside /jwt directory, and if stader is asking for signature with tag = stader. If any of these are not true, return unauthorized. We should not share signatures from one 3rd party to another. For example, signatures with tag "rocketpool" to stader.

[pablomendezroyo]

Implemented in #57