[Security] supported and recommended algs

Issue #28 new
Giuseppe De Marco created an issue

OIDC Core forces the adoption of RS256 and enables the implementation of ES256.

Unfortunately, RS256 is to be considered a weak algorithm that, even if it is still usable, requires frequent key rollover to mitigate its risks.

FAPI recommends ES and P here
https://openid.net/specs/openid-financial-api-part-2-1_0-final.html#algorithm-considerations

We’re evaluating including a reference and a recommendation in iGOV regarding the algs that must be supported (if weak, with which workaround) and that should be supported (FAPI recommendation).
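
An added example, not part of the issue or of the iGov profile: a check of an OpenID Provider's discovery metadata against a tiered algorithm policy of the kind proposed above. The tier sets, the function name `audit_signing_algs` and the sample metadata are assumptions made for illustration; the field names are the standard OpenID Connect Discovery ones.

```python
# Policy tiers are assumptions for illustration, based on the issue text and the
# FAPI section it links; they are not taken from the iGov profile.
MUST_SUPPORT = {"RS256"}                  # mandated by OIDC Core
RECOMMENDED = {"ES256", "PS256"}          # FAPI-recommended
FORBIDDEN = {"none"}
WEAK_PKCS1 = {"RS256", "RS384", "RS512"}  # usable only with key rollover

# OpenID Connect Discovery fields that advertise JWS signing algorithms.
ALG_FIELDS = (
    "id_token_signing_alg_values_supported",
    "userinfo_signing_alg_values_supported",
    "request_object_signing_alg_values_supported",
    "token_endpoint_auth_signing_alg_values_supported",
)

def audit_signing_algs(metadata):
    """Return (severity, field, message) findings for one OP metadata document."""
    findings = []
    for field in ALG_FIELDS:
        if field not in metadata:
            continue  # optional field not advertised; nothing to judge
        algs = set(metadata[field])
        for alg in sorted(algs & FORBIDDEN):
            findings.append(("error", field, f"'{alg}' must not be offered"))
        if field == "id_token_signing_alg_values_supported":
            for alg in sorted(MUST_SUPPORT - algs):
                findings.append(("error", field, f"mandatory '{alg}' missing"))
        if not algs & RECOMMENDED:
            findings.append(("warn", field, "no recommended alg (ES256/PS256)"))
        for alg in sorted(algs & WEAK_PKCS1):
            findings.append(("info", field, f"'{alg}' is PKCS#1 v1.5, needs key rollover"))
    return findings

# Constructed sample metadata (not from a real provider).
SAMPLE_METADATA = {
    "issuer": "https://op.example.org",
    "id_token_signing_alg_values_supported": ["RS256", "none"],
    "request_object_signing_alg_values_supported": ["ES256", "PS256"],
}

if __name__ == "__main__":
    for severity, field, message in audit_signing_algs(SAMPLE_METADATA):
        print(f"{severity.upper():5} {field}: {message}")
```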
