The token is currently not encrypted (should be possible though),
and we're currently using a symmetric key for the signature (can be
changed).
It is yet unclear how to go from kolab4 entitlements to specific plan,
but should be straightforward enough.Issues a jwt token signed by app.vpn.signing_key